Cisco Support Community

ASA5510 and IPS module

We have an ASA 5510 with an IPS module.

Can the two be configured for access separately?

For example someone having access to the ASDM can only view the firewall config but edit and manage the IPS module.

And the opposite of view the IDS module and manage the firewall config.

The IPS module has its own IP Address.

4 REPLIES

Re: ASA5510 and IPS module

Yes Wilson, just use separate passwords for each.

But just make sure both guys are good friends otherwise the IPS guy could block all traffic for the ASA guy and the ASA guy could shutdown/reset the IPS module using the CLI :)

Regards

Farrukh


Re: ASA5510 and IPS module

We have our ASAs using AAA pointing to a TACACS server.

How would it be done in this case?


Re: ASA5510 and IPS module

Hi Wilson,

You can add 2 user accounts to the AAA server: one is authorized to manage the ASA and the other is authorized to manage the IPS module. And you have to configure AAA authentication on the IPS module.

B.regards,

Re: ASA5510 and IPS module

You can have separate usernames for IPS and ASA. To further secure this, you can use Network Access Restrictions (but they sometimes do not work well with security devices as they don't send the complete information). Also the IPS does not support AAA, so there you will have to use local database anyway (thereby isolating things).

Regards

Farrukh
