Solved: ASA-IPS auto update Cisco.com

Chin · ‎06-23-2014

Hi Everyone,

Need some help from expert who familiar with ASA-IPS.

Currently i have implemented ASA-IPS. I have set that the IPS address as my management ip range. But somehow, i found that my management ip range are not permitted to internet.

Is that possible I change my IPS's ip address to other ip range which can access internet and during the ip address change, will the IPS will trigger downtime?

johflore · ‎07-04-2014

Tppsupport,

What ASA model do you have? is that IPS software based? Check out who's default gateway of IPS and if is it firewall check out about NAT. " will the IPS will trigger downtime?" No. In failover scenario will trigger failover in case IPS becomes "unresponsive" or down from backplane's perspective. So configuration changes will not trigger failover just if reload is necessary.

Johan.

View solution in original post

johflore · ‎07-04-2014

Tppsupport,

What ASA model do you have? is that IPS software based? Check out who's default gateway of IPS and if is it firewall check out about NAT. " will the IPS will trigger downtime?" No. In failover scenario will trigger failover in case IPS becomes "unresponsive" or down from backplane's perspective. So configuration changes will not trigger failover just if reload is necessary.

Johan.

Chin · ‎07-06-2014

Hi Johflore,

Yes, I found was the routing and gateway issue. After put the correct route and gateway. it able to connect to internet and update the IPS signature.

Thanks

Tommy

johflore · ‎07-07-2014

Tommy,

Thanks for reply and great news to know issue is resolved.

It was a pleasure.

Johan.