Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
340
Views
0
Helpful
1
Replies

AIP-SSM20

Go to solution
thomasandy32
Level 1
Level 1

‎06-26-2010 05:37 AM - edited ‎03-11-2019 11:04 AM

hello Friends,

I have two ASA with AIP-SSM20 i m little bit confuse as if now my 1 of the ASA is in standby that means my AIP-SSM20 on the standby is also idle??? because no traffic is forwarded to ASA when it is in standby mode.??? pls correct me if i m wrong,

when i telnet to IPS of standby ASA it is not accessible and also i can't see any logs from the IPS which is in standby mode of ASA in  IME, (IPS MANAGER EXPRESS) i can see only logs from IPS which is on active ASA.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎06-26-2010 10:58 PM

You are absolutely correct. When the ASA is in standby mode, there won't be any traffic going through the ASA, hence nothing will be forwarded towards the AIP module as well because traffic to be inspected by the AIP module is routed through the ASA backplane.

The AIP module on the standby ASA needs to be setup manually as well (ie: configuration will not be synchronised from the active AIP module towards the standby). You would need to configure a unique ip address on the standby AIP module and the port on the module needs to be connected to the network and be accessible. Further to that, if there is no traffic passing through the ASA (when it's in standby mode), there won't be any logs generated by the AIP module because traffic doesn't pass through it.

Hope that helps.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎06-26-2010 10:58 PM

You are absolutely correct. When the ASA is in standby mode, there won't be any traffic going through the ASA, hence nothing will be forwarded towards the AIP module as well because traffic to be inspected by the AIP module is routed through the ASA backplane.

The AIP module on the standby ASA needs to be setup manually as well (ie: configuration will not be synchronised from the active AIP module towards the standby). You would need to configure a unique ip address on the standby AIP module and the port on the module needs to be connected to the network and be accessible. Further to that, if there is no traffic passing through the ASA (when it's in standby mode), there won't be any logs generated by the AIP module because traffic doesn't pass through it.

Hope that helps.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card