Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA 5520 - IPS SSM to updates

Hello guys

I am newbie to ASA firewalling.

I have ASA with IPS SSM-20

oustside port

managment port

sensor port

I have to do setup IPS SSM-20 to pick up auto updates from

From outside port I can ping any internet IP end mangement and sensor port as well

From sensor port I can't ping any outside port

Now, I'd like setup sensor port to communicate to

What I have to do ??

thanks for every suggestion


Cisco Employee

Re: ASA 5520 - IPS SSM to updates

From the sensor mgmt port, you won't be able to ping the ASA outside interface ip address as it is not supported. From the sensor, you should be able to ping the ASA mgmt interface

However, if your ASA mgmt interface is a management-only interface, then it would not route the traffic from the sensor towards the Internet, as if it is configured with "management-only", then it can only be used for management to the ASA. You can remove the "management-only" from the ASA mgmt interface if you would like to route the sensor traffic towards the Internet for the auto update to Please also make sure that you have configured NAT for the mgmt interface to traffic gets translated to reach the Internet.

Hope that helps.

CreatePlease to create content