12-15-2013 06:58 AM - edited 03-10-2019 06:06 AM
I need some guidance on implementing Cisco ASA-5525X IPS. I have dedicated firewalls performing access control and now have to implement a dedicated IPS on an ASA-5525X. So in this case, on my ASA IPS:
a) I still need to create and bind ACLs (with full access, since there is a dedicated firewall for access control) on all interfaces, right?
b) What is the recommended way of creating the IPS class-map ACL? Is there any issue with defining ACLs with permit ip any any?
12-19-2013 12:16 AM
If you want to use your ASA only as an IPS, then all access control has to be "permit any any". You can even activate state-bypass to remove any firewalling on that ASA. And when you go into transparent mode, it's quite similar to what is done with the dedicated IPS appliances.
On your service-policy you can also use "permit ip any any" to send all traffic to the IPS module.
Sent from Cisco Technical Support iPad App
12-19-2013 01:57 AM
How can I activate state-bypass to remove firewalling on ASA?
12-19-2013 02:04 AM
It's configured in a TCP-Map:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/conns_connlimits.html
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni