ASA 5525-X IPS Deployment

avilt
Level 3

I need some guidance on implementing Cisco ASA 5525-X IPS. I have a dedicated firewall performing access control and now have to implement a dedicated IPS on an ASA 5525-X. So in this case, on my ASA IPS:

a) I still need to create and bind ACLs (with full access, since there is a dedicated firewall for access control) on all interfaces, right?

b) What is the recommended way of IPS class-map ACL creation? Is there any issue with defining ACLs with permit ip any any?

1 Accepted Solution


If you want to use your ASA only as an IPS, then all access control has to be "permit any any". You can even activate state-bypass to remove any firewalling on that ASA. And when you go into transparent mode, it's quite similar to what is done with the dedicated IPS appliances.

On your service-policy you can also use "permit ip any any" to send all traffic to the IPS module.


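The setup described in this answer, written out as an added configuration example that is not part of the original post. The interface names (`inside`, `outside`), the ACL and class-map names, and the choice of `inline fail-open` are assumptions made for illustration.

```cisco
! Added example; names below are hypothetical, adjust to your deployment.

! Interface ACLs: permit everything, because access control is
! enforced by the separate dedicated firewall.
access-list OUTSIDE-IN extended permit ip any any
access-list INSIDE-IN extended permit ip any any
access-group OUTSIDE-IN in interface outside
access-group INSIDE-IN in interface inside

! Traffic selection for the IPS module: match all IP traffic.
access-list IPS-TRAFFIC extended permit ip any any
class-map IPS-CLASS
 match access-list IPS-TRAFFIC

! Redirect the matched traffic to the IPS module.
!   inline      = module sits in the traffic path and can drop packets
!   promiscuous = module receives a copy and can only alert
!   fail-open   = traffic keeps flowing uninspected if the module is down
!   fail-close  = traffic is blocked if the module is down
policy-map global_policy
 class IPS-CLASS
  ips inline fail-open

! Apply the policy to all interfaces.
service-policy global_policy global
```

With `fail-open`, a module failure means traffic passes without inspection, so monitor the module state; `fail-close` trades that gap for an outage while the module is unavailable.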

3 Replies

How can I activate state-bypass to remove firewalling on ASA?

It's configured in a TCP-Map:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/conns_connlimits.html
