I am a bit confused with configuring IPS in the ASA (with installed SSM module). I appreciate your feedback for this scenario:
This is our ASA configuration portion relevant to IPS. I did this to block instant messaging ...
strict-http action allow log
port-misuse p2p action drop log
port-misuse tunnelling action drop log
port-misuse im action drop log
description Traffic Class to block IM
inspect http TestHTTPMap
ips inline fail-open
service-policy global_policy global
I also used "Deny Connection Inline" in the Signature Configuration of SSM (for signatures related to instant messaging, peer to peer file sharing and http tunnelling).
1. Does blocking happen at SSM or at ASA level or both? I had to drop/deny connections both in http map configuration (ASA) and signature configuration (SSM).
2. With the above configuration, what would be the best to do to block virus, worm and other malicious code? I think I can just inspect all types of traffic under the "class global_class_ForIM" above by adding more inspect commands. I also need to deny connections as the Action for signatures related to viruses and worms. Is this correct?
Cisco IDS Network Sensor identifies web application attacks, which include those used by the Nimda worm. The Network Sensor is able to identify attacks and provide details about the affected or compromised hosts to isolate the Nimda infection.