Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1484
Views
0
Helpful
1
Replies

ASA -SSM 40 config review

virgoboy009
Level 1
Level 1

‎06-23-2010 12:32 AM - edited ‎03-10-2019 05:02 AM

Hello Friends,

I would like to know the following ASA and SSM-40 configuration meeting the standard configuration and please let me know

how do i further do advance config to get out of this IPS module.

Also I am using IME 6.2 tool to monitor ASA -SSM 40  but it is giving all basic monitoring data, do we need to do any further config on ASA-SSM 40 so it

it will show all critical logs.

Finally i am seeing the below related to IPS license expired error.


***LICENSE NOTICE***
The license key on the SSM-IPS40 has expired.
The system will continue to operate with the currently installed
signature set.  A valid license must be obtained in order to apply
signature updates.  Please go to http://www.cisco.com/go/license
to obtain a new license or install a license.
HQ-IPS-SSM40-ASA5520#

Highly appreciate all your response.

Regards,

KA.

Labels:
68164-IPS_Internet_ASA@23rd'2010.txt.zip
0 Helpful
1 Reply 1

Scott Fringer
Cisco Employee
Cisco Employee

‎06-23-2010 03:28 AM

KA;

  Your configuration is very standard and should allow the AIP-SSM to successfully inspect traffic traversing the ASA.

  I am not sure what you are asking when you say,"it will show all critical logs."  IPS  Manager Express (IME) is designed to retrieve all signature related (alert) events from Cisco IPS sensors (unless the managed sensor is configured to exclude specific severity levels).  IME will not retrieve system level (error) events; this is not currently possible.

  In regard to your licensing issue, you will need to have the AIP-SSM's serial number added to a valid support contract with signature update support.  This will allow you to apply an updated license which will in turn allow you to update the signatures.  If the AIP-SSM is currently on a valid support contract, you can attempt to retrieve an updated license for the sensor via IME.  Navigate to the following:

Configuration>Sensor Management>LIcensing

  Choose "Cisco.com" for the "Update From:" option and then click "Update License".

Scott

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card