cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1417
Views
0
Helpful
8
Replies

ASA 5520 IPS with ASA 5540

aryarahul
Level 1
Level 1

Hi,

I have an ASA 5540 F/W and a ASA 5520 IPS with AIP-SSM 20.

Rite now ASA 5540 is conected with the internet Router on the outside interface , there is an inside zone and a DMZ zone as well.

My Question is where shud i put IPS?

1_ Between the internet router and the ASA 5540

2_ or in the inside zone ?

If i were to put it in between the outside zone i.e between ASA 5540 Outside and the internet router then do i require separate WAN ips for the inside and outside of IPS ?? currently as required ASA 5540 outside has been configured a WAN ip

Please help

8 Replies 8

sawgupta
Level 1
Level 1

It depends on your requirement. However configuration should be like "Internet Router <--> ASA 5540 <--> IPS"

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta

Thanks for the reply ..

so if i were to put it as Internet Router -- ASA 5540 --ASA 5520 (IPS) then shud IPS be put in the DMZ zone ??or the Inside zone ..i guess it shud b in the DMZ zone ...in that case it will be assigned a LAN ip on both interfaces.?

anybdy ??

I am not sure I understand your requirement for the second ASA.  You could just install the SSM-20 into the 5540 and choose to inspect traffic either globally (all interfaces) or on a subset of interfaces.

hi please i want to ask a question about the ASA IPS Password

i lost my ASA IPS PASSWORD what to do? 

Try this command from the ASA's CLI.

"hw-module module 1 password-reset"

thanks for your reply

but what about the existing configuration or this command will not effect the configuration

if IPS is to be installed along with a separate ASA then what shud be the architecture

i have 2 ASA 5540 configured as Cluster and a Separate ASA IPS 5520

where shud i put the ASA 5520 ???

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: