ASA 5520 - IPS SSM to updates

Unanswered Question
May 12th, 2010
User Badges:

Hello guys

I am newbie to ASA firewalling.

I have ASA with IPS SSM-20

oustside port

managment port

sensor port

I have to do setup IPS SSM-20 to pick up auto updates from

From outside port I can ping any internet IP end mangement and sensor port as well

From sensor port I can't ping any outside port

Now, I'd like setup sensor port to communicate to

What I have to do ??

thanks for every suggestion


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jennifer Halim Wed, 05/12/2010 - 05:07
User Badges:
  • Cisco Employee,

From the sensor mgmt port, you won't be able to ping the ASA outside interface ip address as it is not supported. From the sensor, you should be able to ping the ASA mgmt interface

However, if your ASA mgmt interface is a management-only interface, then it would not route the traffic from the sensor towards the Internet, as if it is configured with "management-only", then it can only be used for management to the ASA. You can remove the "management-only" from the ASA mgmt interface if you would like to route the sensor traffic towards the Internet for the auto update to Please also make sure that you have configured NAT for the mgmt interface to traffic gets translated to reach the Internet.

Hope that helps.


This Discussion