Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5540 Firewall

Does the 5540 without the AIP-SSM module have a Fail-Close option?

4 REPLIES
Cisco Employee

Re: ASA 5540 Firewall

Hi,

Yes. Please refer the below URL for configuration details:

"ips promiscuous fail-close"

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/i3_72.html#wp1733789

Regards,

Arul

*Pls rate if it helps*

New Member

Re: ASA 5540 Firewall

Arul, thanks, but, this still refers to the AIP SSM Module. I do not have one in my system. Does this still applies?

Cisco Employee

Re: ASA 5540 Firewall

Hi,

One of these days, I need to get my glasses :-)

My understanding is, the above commands apply only if you have a SSM in the chassis. The reason being, you don't want the ASA to drop traffic if the SSM Fails.

But, if you are doing IPS on the ASA itself, meaning no SSM, I dont think you have an option of fail close.

Regards,

Arul

New Member

Re: ASA 5540 Firewall

Arul,

Thanks I thought that was the case.

297
Views
4
Helpful
4
Replies
CreatePlease to create content