Cisco Support Community
New Member

Any Luck Editing Actions on Events with ASA SSM

We are running an ASA 5540 failover pair with SSM-40 modules. When using the IME version 7.0.2 to manage the IPS, we have not been successful in getting anything to work but "Deny Attacker Inline." Nothing else works. We have tried every option under the Actions and none work. There are many signatures that we would like blocked, but only that signature, i.e., block BitTorrent but allow Internet access.

4 REPLIES

Re: Any Luck Editing Actions on Events with ASA SSM

Which mode have you configured on the ASA firewall? Inline or Promiscuous?

New Member

Re: Any Luck Editing Actions on Events with ASA SSM

Hello and thanks for the reply.  It is running inline.

And we have not had any luck getting the other options to work.

Re: Any Luck Editing Actions on Events with ASA SSM

Whether you manage the device through ASDM or IME should not make a difference.

What I would suggest is to test the action on a simple signature, like the ICMP ones (e.g. Sig 2004, you have to enable it first) and not a complex one like P2P etc.

Also, what exactly is happening with the other actions? Do you see the signature fire in IME with the 'action' listed? Or is the action field empty in the IME alerts? Or does the signature not fire at all?


Regards

Farrukh

New Member

Re: Any Luck Editing Actions on Events with ASA SSM

The IPS sees the event and logs it; the action selected doesn't work other than the "Deny Attacker." We would like to have the IPS just stop the event, but that is the problem. We have used ASDM and IME latest versions. The IPS has the latest versions too. It just doesn't work!
