I have recently upgraded my AIP-SSM-20 modules to 6.0(5)E2 at the recommendation of Cisco. I have 2 ASA5520s in single-context mode in an Active/Standby configuration, with one module in each FW.
I have the IPS in promiscuous mode at the moment because honestly, I have no clue how to configure or effectively implement this tool.
I've been fumbling around the GUI / CLI and I have added the "host" firewalls as blocking devices (10.1.1.3 and 10.1.1.5), and set them to communicate via SSH 3DES. I created a profile called ASA that includes the login information. Since I updated the IPS firmware, I see a log message in ASDM saying:
TCP access denied by ACL from 10.1.1.65/46906 to inside:10.1.1.3/23.
I get this message for 10.1.1.65 and 10.1.1.68, the two IPS modules. I have verified that the correct credentials are configured in the IPS, as well as the correct connection type. I have removed the "Blocking Devices" config and then reapplied it, still no change. Why is the IPS trying to telnet to the firewall when it's explicitly configured to SSH? Any ideas would be great. Thanks!
Yes, I've done that. I removed both hosts, and then re-added them. I thought maybe it had something to do with a bad key, so I removed the host keys for both firewalls, then had the IPS go grab them again. Thanks for the feedback.
I already allow the 10.1.1.0/24 network via SSH to the inside interface of the FW. It's very strange because the IPS is not using SSH as it should; it's trying to connect on port 23, which is telnet, not port 22 as it should. Thanks for the suggestion. Any other ideas?
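The quickest way to settle the "is the sensor really using telnet?" question is to read the firewall's own evidence rather than the sensor's configuration screen: the ASDM message quoted above is the ASA's to-the-box deny log, and the destination port in it tells you which transport the sensor actually opened. The following is an added example, not code from the thread or from Cisco; it parses a handful of constructed syslog lines shaped like that message (the first one mirrors the poster's line, the others are assumed variations, including unrelated events that must be ignored), groups the denied connections by sensor IP, and reports any sensor that reached the firewall on a port other than 22. The sensor addresses, the syslog ID 710003 prefix and the sample lines are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample ASA syslog lines (assumed for this example, not taken
# from the original post). Only the 710003 "access denied by ACL" lines are
# to-the-box denies; the 302013 and 605005 lines are unrelated noise.
SAMPLE_LOG = """\
%ASA-3-710003: TCP access denied by ACL from 10.1.1.65/46906 to inside:10.1.1.3/23
%ASA-3-710003: TCP access denied by ACL from 10.1.1.68/51022 to inside:10.1.1.5/23
%ASA-6-302013: Built inbound TCP connection 12345 for inside:10.1.1.20/44310 (10.1.1.20/44310) to outside:192.0.2.10/443 (192.0.2.10/443)
%ASA-3-710003: TCP access denied by ACL from 10.1.1.65/46910 to inside:10.1.1.3/23
%ASA-6-605005: Login permitted from 10.1.1.77/50112 to inside:10.1.1.3/ssh for user "admin"
"""

# Assumed sensor management addresses (the two AIP-SSM modules in the thread).
SENSORS = {"10.1.1.65", "10.1.1.68"}

# Shape of the ASA to-the-box deny message: source IP/port, interface, dest IP/port.
DENIED_RE = re.compile(
    r"%ASA-\d-710003: TCP access denied by ACL from "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)/(?P<sport>\d+) to "
    r"(?P<iface>\w+):(?P<dst>\d+\.\d+\.\d+\.\d+)/(?P<dport>\d+)"
)

PORT_NAMES = {22: "ssh", 23: "telnet"}


def parse_denied(log_text):
    """Return one dict per to-the-box connection the ASA refused by ACL."""
    events = []
    for line in log_text.splitlines():
        m = DENIED_RE.search(line)
        if m:
            events.append({
                "src": m["src"],
                "iface": m["iface"],
                "dst": m["dst"],
                "dport": int(m["dport"]),
            })
    return events


def sensor_ports(log_text, sensors):
    """Map each sensor IP to the sorted list of firewall ports it was denied on."""
    ports = defaultdict(set)
    for ev in parse_denied(log_text):
        if ev["src"] in sensors:
            ports[ev["src"]].add(ev["dport"])
    return {ip: sorted(p) for ip, p in ports.items()}


def check_blocking_transport(log_text, sensors, expected_port=22):
    """Return (ok, findings). ok is False if any sensor hit a port other than expected_port."""
    findings = []
    for ip, ports in sensor_ports(log_text, sensors).items():
        for p in ports:
            if p != expected_port:
                findings.append(
                    f"{ip} reached the firewall on {p}/{PORT_NAMES.get(p, 'tcp')} "
                    f"instead of {expected_port}/{PORT_NAMES.get(expected_port, 'tcp')}"
                )
    return (not findings, findings)


if __name__ == "__main__":
    ok, findings = check_blocking_transport(SAMPLE_LOG, SENSORS)
    print("blocking transport OK" if ok else "\n".join(findings))
```

Run against a real `show logging` export or a syslog collector's file instead of SAMPLE_LOG; if the findings list is empty while blocking still fails, the sensor is at least using the transport you configured and the problem is elsewhere (credentials, host key, or the management-access rule on the inside interface).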