Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
287
Views
0
Helpful
2
Replies

AIP-SSM configuration / blocking SMTP

carlos.allevato
Level 1
Level 1

‎12-17-2007 04:05 PM - edited ‎03-10-2019 03:54 AM

Hi all,

I need some help regarding a deployment of a IPS module on a ASA. I configured it in transparent mode, with the intention to only monitor the traffic going through the module. Otherwise after aplying the policy and put it in operation, it started blocking SMTP and ICMP traffic. Here follows the configuration applied to it:

class-map outside-class

match any

policy-map outside-policy

class outside-class

ips promiscuous fail-open

!

service-policy outside-policy interface outside

Is there anything else I should consider to put this module just monitoring the traffic instead of having it denying any traffic?

Thanks in Advance

Labels:
0 Helpful
2 Replies 2

marcabal
Cisco Employee
Cisco Employee

‎12-18-2007 08:55 AM

You may need to create an access-list permitting all traffic, and then apply the access-list to both interfaces in both directions (in and out).

This will ensure connections can go from the lower security zone to the higher as well as from the higher security zone to the lower.

You may also need to add icmp permit lines to permit icmp traffic through each interface.

0 Helpful

carlos.allevato
Level 1
Level 1
In response to marcabal

‎12-18-2007 09:15 AM

Thanks Marcabal for your reply. I'll proceed with the changes and let you know about the results.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card