cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
455
Views
0
Helpful
1
Replies

ASA 5520 - IPS SSM to cisco.com updates

roomaswawa
Level 1
Level 1

Hello guys

I am newbie to ASA firewalling.

I have ASA with IPS SSM-20

oustside port 10.10.0.1

managment port 192.168.1.1

sensor port 192.168.1.2

I have to do setup IPS SSM-20 to pick up auto updates from cisco.com

From outside port I can ping any internet IP end mangement and sensor port as well

From sensor port I can't ping any outside port

Now, I'd like setup sensor port to communicate to cisco.com

What I have to do ??

thanks for every suggestion

regards

1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

From the sensor mgmt port, you won't be able to ping the ASA outside interface ip address as it is not supported. From the sensor, you should be able to ping the ASA mgmt interface 192.168.1.1.

However, if your ASA mgmt interface is a management-only interface, then it would not route the traffic from the sensor towards the Internet, as if it is configured with "management-only", then it can only be used for management to the ASA. You can remove the "management-only" from the ASA mgmt interface if you would like to route the sensor traffic towards the Internet for the auto update to cisco.com. Please also make sure that you have configured NAT for the mgmt interface to traffic gets translated to reach the Internet.

Hope that helps.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: