Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
317
Views
0
Helpful
1
Replies

AIP-SSM inline mode Question

mohamed_makled
Level 1
Level 1

‎08-06-2008 05:56 AM - edited ‎03-10-2019 04:14 AM

Dear all

i have an ASA 5520 with ips module . i installed it since 3 weeks. For the ips module , it is installed in inline mode.

Till now i didnot see any events appeared on the sensor.i configured it to scan http traffic from any source to the inside LAN subnet (10.1.0.0/16)

can i know that if the sensor is working properly or not?? and how ???

The following is the configuration on the ASA:

access-list outside_mpc extended permit tcp any 10.1.0.0 255.255.0.0 eq www

class-map outside-class

match access-list outside_mpc

policy-map outside-policy1

class outside-class

ips inline fail-open sensor vs0

service-policy outside-policy1 interface outside.

please find the attached file for ips config.

Thanks

Labels:
Preview file
3 KB
0 Helpful
1 Reply 1

rhermes
Level 7
Level 7

‎08-06-2008 07:58 AM

Your config looks very similar to my working ASA confis. The only exception is your virtual sensor entries in the ASA and the IPS. If you don't need them they can be left out.

Assuming your config is correct, you can try opening up your access list to more traffic and see if you get events. You can turn on signature 2004 for ICMP echo replies if you want to stimulate some events for yourself.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card