New SSM40 install

Unanswered Question
May 1st, 2012

Im working on configureing an SSM40 on a 5520. I want all traffic entering and leaving the network to be scanned before being passed to the ASA. My question is when Im setting the sensor up under the traffic allocation tabdose selecting the Global policy satisfy this need above? I have seen some configuration guide where aa class map is needed on the ASA to actually send traffic to the sensor? Is this class map needed?

Also another ASA I seen running SSM10 under the backplane the mode was "unpaired" should this be paired?                   

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
enkrypter Mon, 05/07/2012 - 11:54

I'd reccomend setting up the policy so that it matches an access-list in a class-map, as opposed to just sending it to the IPS.  The ACL will show up in the ASDM and provide you with a check box to easily disbale the ACL rule and thus disable the IPS should you ever need to turn it off.  The ACL should be a simple permit IP any any....


Login or Register to take actions

This Discussion

Posted May 1, 2012 at 11:51 AM
Replies:3 Avg. Rating:
Views:405 Votes:0
Tags: install, asa, ips, 5520, ssm, new

Related Content


Discussions Leaderboard

Rank Username Points
1 823
2 668
3 603
4 526
5 367
Rank Username Points