ASA 5520 IPS with ASA 5540

May 27th, 2012

I have an ASA 5540 F/W and an ASA 5520 IPS with AIP-SSM 20.

Right now the ASA 5540 is connected to the internet router on the outside interface; there is an inside zone and a DMZ zone as well.

My question is: where should I put the IPS?

1. Between the internet router and the ASA 5540

2. Or in the inside zone?

If I were to put it in the outside zone, i.e. between the ASA 5540 outside interface and the internet router, then do I require separate WAN IPs for the inside and outside of the IPS? Currently, as required, the ASA 5540 outside interface has been configured with a WAN IP.

Please help.

sawgupta Sun, 05/27/2012 - 23:12

It depends on your requirement. However, the configuration should be like "Internet Router <--> ASA 5540 <--> IPS".


Sawan Gupta

aryarahul Mon, 05/28/2012 - 00:25

Thanks for the reply.

So if I were to put it as Internet Router -- ASA 5540 -- ASA 5520 (IPS), then should the IPS be put in the DMZ zone or the inside zone? I guess it should be in the DMZ zone. In that case, will it be assigned a LAN IP on both interfaces?

Todd Pula Fri, 06/01/2012 - 09:50

I am not sure I understand your requirement for the second ASA.  You could just install the SSM-20 into the 5540 and choose to inspect traffic either globally (all interfaces) or on a subset of interfaces.
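
The single-chassis option described in the reply above, sketched as an added example that is not part of the original thread: with the module installed in the 5540, traffic is redirected to it through a service policy, applied either globally or to one interface. The ACL, class-map and policy-map names and the `dmz` interface name are hypothetical.

```cisco
! Added example, not from the thread. IPS_ALL, IPS_ALL_CLASS, IPS_DMZ,
! IPS_DMZ_CLASS, DMZ_IPS_POLICY and the nameif "dmz" are hypothetical.

! Option A: inspect traffic on all interfaces through the global policy.
access-list IPS_ALL extended permit ip any any
class-map IPS_ALL_CLASS
 match access-list IPS_ALL
policy-map global_policy
 class IPS_ALL_CLASS
  ! inline: the module sits in the forwarding path and can drop packets.
  ! fail-open: matched traffic keeps flowing if the module is unavailable.
  ips inline fail-open
service-policy global_policy global

! Option B: inspect only a subset of interfaces (here, one interface).
access-list IPS_DMZ extended permit ip any any
class-map IPS_DMZ_CLASS
 match access-list IPS_DMZ
policy-map DMZ_IPS_POLICY
 class IPS_DMZ_CLASS
  ! fail-close: matched traffic is blocked while the module is unavailable.
  ips inline fail-close
service-policy DMZ_IPS_POLICY interface dmz
```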

jocamare Mon, 04/01/2013 - 09:19

Try this command from the ASA's CLI.

"hw-module module 1 password-reset"

aryarahul Sun, 04/14/2013 - 22:54

If the IPS is to be installed along with a separate ASA, then what should the architecture be?

I have 2 ASA 5540s configured as a cluster and a separate ASA IPS 5520.

Where should I put the ASA 5520?

