Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA 5520 - IPS SSM to cisco.com updates

Hello guys

I am newbie to ASA firewalling.

I have ASA with IPS SSM-20

oustside port 10.10.0.1

managment port 192.168.1.1

sensor port 192.168.1.2

I have to do setup IPS SSM-20 to pick up auto updates from cisco.com

From outside port I can ping any internet IP end mangement and sensor port as well

From sensor port I can't ping any outside port

Now, I'd like setup sensor port to communicate to cisco.com

What I have to do ??

thanks for every suggestion

regards

1 REPLY
Cisco Employee

Re: ASA 5520 - IPS SSM to cisco.com updates

From the sensor mgmt port, you won't be able to ping the ASA outside interface ip address as it is not supported. From the sensor, you should be able to ping the ASA mgmt interface 192.168.1.1.

However, if your ASA mgmt interface is a management-only interface, then it would not route the traffic from the sensor towards the Internet, as if it is configured with "management-only", then it can only be used for management to the ASA. You can remove the "management-only" from the ASA mgmt interface if you would like to route the sensor traffic towards the Internet for the auto update to cisco.com. Please also make sure that you have configured NAT for the mgmt interface to traffic gets translated to reach the Internet.

Hope that helps.

325
Views
0
Helpful
1
Replies
CreatePlease to create content