Cisco Support Community
Community Member

ASA SSM-20 is not working as expected

Dear Forum,

We have an ASA 5510 with an IPS Module SSM20. When I penetrate the ASA with NMAP from the outside interface I can detect the OS of the servers in the DMZ.

When I allow the IP address of my testing machine on the outside interface the IPS is logging some TCP SYN PORT SWEEPS but not the NMAPFingerprint Event.

Thanks for your advice

Alex

1 REPLY
Community Member

Re: ASA SSM-20 is not working as expected

It is my understanding that the IPS modules analyze packets permitted to traverse through the host ASA. If your ASA ACL only allows TCP 80 and 443, then it might not look like a sweep to the IPS module's rule. The SSM IPS does not see that which is stopped by the ASA.

Now, if you built a server, placed it in a new/separate (no access from outside) DMZ and permitted an inside host ip any any and then ran a sweep, see if it fires then.
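
The point made in the reply above, as an added example that is not part of the original thread and not Cisco code: a toy model in which the firewall ACL filters packets before the IPS sweep detector counts them. The threshold, addresses and port list are constructed assumptions, not real signature parameters.

```python
# Added illustration: toy model of "ACL first, IPS second" on an ASA with an IPS module.
# The threshold and the sample scan are constructed; they are not Cisco signature values.
from collections import defaultdict

SWEEP_THRESHOLD = 5  # assumed: distinct destination ports from one source before alerting


def acl_permits(packet, permitted_ports):
    """Model the outside ACL: None stands for 'permit ip any any' for the tester."""
    return permitted_ports is None or packet["dport"] in permitted_ports


def ports_visible_to_ips(packets, permitted_ports):
    """Destination ports that survive the ACL and are handed to the IPS module."""
    return sorted({p["dport"] for p in packets if acl_permits(p, permitted_ports)})


def ips_sweep_alerts(packets, permitted_ports):
    """Return sources the sweep detector flags, counting only ACL-permitted SYNs."""
    ports_seen = defaultdict(set)
    for pkt in packets:
        if not acl_permits(pkt, permitted_ports):
            continue  # dropped by the firewall, never inspected by the IPS
        ports_seen[pkt["src"]].add(pkt["dport"])
    return sorted(src for src, ports in ports_seen.items()
                  if len(ports) >= SWEEP_THRESHOLD)


# Constructed sample: one outside source sending SYNs to 20 ports on a DMZ server.
SCAN = [{"src": "198.51.100.10", "dst": "192.0.2.20", "dport": port}
        for port in (21, 22, 23, 25, 53, 80, 110, 135, 139, 143,
                     443, 445, 993, 995, 1433, 3306, 3389, 5900, 8080, 8443)]

if __name__ == "__main__":
    for label, acl in (("ACL permits 80/443 only", {80, 443}),
                       ("tester permitted ip any any", None)):
        print(label, "-> IPS sees ports", ports_visible_to_ips(SCAN, acl),
              "| sweep alerts:", ips_sweep_alerts(SCAN, acl))
```

With only 80 and 443 permitted, the detector sees two ports from the scanning source and stays below the threshold; with the tester fully permitted it sees all 20 and flags the source.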
