ASA5510 with AIP-SSM deployment question

a.pawar
Level 1

Hi

I am slightly confused about this kit. We just want to implement the ASA 5510 as an IDS at the moment, doing no more than watching traffic from one VLAN. My questions are:

1) I have configured it in promiscuous mode. I have configured a port SPAN on the switch with VLAN 168 as the source and Gig 0/1 on the ASA box as the destination.

--> Can I use just this interface to sense the traffic, with no inside or outside interface defined?

2) I have configured the service policy through ASDM and assigned Gig 0/1 to the virtual sensor.

---> It just shows Gig 0/1 under VS0. Why is that? Does this mean I can use only one interface for promiscuous mode?

3) The live monitoring in the GUI was showing absolutely no traffic on Gig 0/1. The SPAN was OK, but I am not sure why this didn't get any traffic.

When I connected a machine directly to Gig 0/1 and did a packet capture, I could see packets there.

Am I missing anything here? Any help on this will be greatly appreciated.

Regards,

Atul

3 Replies

jshelmer
Level 1

Atul-

Check out my previous post which steps through how to get the IPS module working inside an ASA appliance.

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.1ddbdb7d/0#selected_message

This should help you get it working properly. Please remember to rate helpful posts. Thanks!

-Jon

Hi Jon

Thanks for your reply. I have seen your previous post and the links as well. All the examples show a configuration with inside and outside interfaces, which is different from what I am trying to achieve here. I just want to use Gig 0/1 as a sensor receiving SPANned traffic. Probably the answer is simple, but I failed to see any traffic on Gig 0/1 when it was deployed this way. And yes, I had a policy directing 'any traffic' to it.

Thanks

Atul

I believe in order to get this scenario to work, the ASA will need to be placed inline via Layer 2. I don't believe hanging it off of a SPAN port will work.

I believe this is done by tying two separate VLANs together into a single broadcast domain via the ASA. Once the ASA is inline as such, it should see all of the Layer 2 traffic, and send the appropriate traffic to the IPS via the service-policy. Hope this helps.
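The inline, Layer 2 deployment the reply above describes, written out as an added example configuration (this is not from the thread or from Cisco documentation for this exact setup). It assumes an ASA 5510 running a pre-8.4 image (where the transparent-mode management address is set with a global `ip address` rather than a BVI interface), that Gig 0/0 is patched into an access port in a new VLAN holding the VLAN 168 default gateway, that Gig 0/1 is patched into an access port in VLAN 168 with the hosts, and that the 192.168.168.0/24 addresses and the class/policy names are placeholders. The ASA bridges the two VLANs into one broadcast domain, and the service policy copies every IP packet to the AIP-SSM in promiscuous mode, so a module failure does not break the bridge (`fail-open`).

```cisco
! Assumed: ASA 5510 with AIP-SSM, pre-8.4 transparent-mode syntax.
! Interface names, addresses, VLAN split and ACL/policy names are placeholders.
firewall transparent
hostname asa5510-ids
!
! Gateway side of the bridged segment (switch access port in the new VLAN)
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 no shutdown
!
! Host side of the bridged segment (switch access port in VLAN 168)
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 no shutdown
!
! Management address for the bridge; must sit in the bridged subnet
ip address 192.168.168.250 255.255.255.0
!
! Transparent mode still applies ACLs: permit all IP in both directions
! so the ASA behaves as a plain bridge and only the sensor inspects.
access-list BRIDGE_ALL extended permit ip any any
access-group BRIDGE_ALL in interface outside
access-group BRIDGE_ALL in interface inside
!
! Match every packet and hand a copy to the module. Promiscuous mode
! means the ASA forwards regardless of the sensor's verdict; fail-open
! keeps traffic flowing if the AIP-SSM is down or rebooting.
class-map IPS_ALL
 match any
!
policy-map global_policy
 class IPS_ALL
  ips promiscuous fail-open
!
service-policy global_policy global
```

After applying this, `show service-policy` on the ASA should report a rising packet count under the `ips` action, and the sensor's virtual sensor (VS0) should show the ASA's backplane interface rather than a physical Gig port, which is why assigning Gig 0/1 directly to VS0 showed nothing: with the module in the chassis, the sensor only ever sees what the service policy forwards across the backplane.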
