Cisco Support Community
New Member

ASA and IPS - AIP Modules

Looking at the new ASA range of firewalls and would like one with IPS ability. It seems now you need the AIP SSM modules, which more than double the price of the firewall. Does anyone know if the ASA5510 has any IDS/IPS features or if the module is required?

The old PIX used to have basic IDS feature if I recall.

1 ACCEPTED SOLUTION


Re: ASA and IPS - AIP Modules

Hi .. yes indeed, the ASA also supports those basic IDS features .. but they are basic and static. If you want to be serious about packet inspection then you really need to opt for an IPS module or a sensor.

I hope it helps .. please rate it if it does !!

From Cisco Doc:

"Step 1 To define an IP audit policy for informational signatures, enter the following command:

hostname(config)# ip audit name name info [action [alarm] [drop] [reset]]

Where alarm generates a system message showing that a packet matched a signature, drop drops the packet, and reset drops the packet and closes the connection. If you do not define an action, then the default action is to generate an alarm.

Step 2 To define an IP audit policy for attack signatures, enter the following command:

hostname(config)# ip audit name name attack [action [alarm] [drop] [reset]]

Where alarm generates a system message showing that a packet matched a signature, drop drops the packet, and reset drops the packet and closes the connection. If you do not define an action, then the default action is to generate an alarm.

Step 3 To assign the policy to an interface, enter the following command:

ip audit interface interface_name policy_name

Step 4 To disable signatures, or for more information about signatures, see the ip audit signature command in the Cisco Security Appliance Command Reference."
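As an added illustration (not part of the reply above or of the Cisco document it quotes), here is how the four quoted steps look together as an ASA running-config fragment. The policy names OUTSIDE-INFO and OUTSIDE-ATTACK, the interface name outside, and the choice of signature 2004 (ICMP Echo Request in the ASA's built-in list) as the one to mute are assumptions made for the example.

```text
! Added example, not from the thread: ASA ip audit configuration
! applying the four quoted steps. Policy and interface names are assumed.

! Step 1: informational signatures. Alarm only (the default, written out
! here on purpose): these fire on benign probes such as pings, so dropping
! or resetting on them would turn routine traffic into a self-inflicted outage.
ip audit name OUTSIDE-INFO info action alarm

! Step 2: attack signatures. Log, drop the packet and tear down the flow.
ip audit name OUTSIDE-ATTACK attack action alarm drop reset

! Step 3: bind one info policy and one attack policy to the untrusted interface.
ip audit interface outside OUTSIDE-INFO
ip audit interface outside OUTSIDE-ATTACK

! Step 4: silence a single noisy signature instead of loosening the whole
! policy. 2004 (ICMP Echo Request) is assumed here to be the one you want muted.
ip audit signature 2004 disable

! Verification from privileged EXEC:
! show running-config ip audit
! show logging | include IDS:
```

Matches are reported as syslog messages whose text begins with "IDS:", so make sure logging is sent to a collector before relying on the alarm action. Keep in mind the caveat in the reply: this signature set is fixed in the software image and never updated, which is why it is an audit aid rather than a substitute for an IPS module or sensor.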

3 REPLIES


New Member

Re: ASA and IPS - AIP Modules

Hi - thanks for the response. Looking on the old PIX PDM I see it under System Properties > Intrusion Detection. I can't see anything similar on the ASA I have - where is this in SDM manager?

Thanks

New Member

Re: ASA and IPS - AIP Modules

hi - found it under IP audit.

thanks

Rob
