I recently ordered an ASA5512-X without IDS and want to take advantage of the 60 day trial licence to see whether to buy 5512-X instead of 5510s in the future. I have applied for, and received, trial licences from Cisco and these have been received as 2x .LIC files. Rather confusingly, the two emails show the products are "IPS-Trial" and "IPS trial license"
Within the emails with each licence file, the instructions say to access the IPS using either IDM or the command line to upload these files. Looking through the quick-start guide (http://www.cisco.com/en/US/docs/security/asa/quick_start/ips/ips_qsg.html) it says the IPS is available using management0/0 with the IP address 192.168.1.2 but I cannot get any response from this IP address. Similarly, if I try to contact the IPS from the command line, I get the following:
ciscoasa# session ips
Opening command session with module ips.
Module ips did not respond to session request.
Am I missing something here? If I do a "sh ver", the licenced features show the IPS as disabled:
IPS Module : Disabled perpetual
So, is there a third licence with an activation tuple needed to enable this for 60 days? If so, where do I apply for this? My reseller are being less than helpful but that's a different story.
For the 5500-X integrated platform, there are two license that will be required to enable IPS. First, you will need the IPS feature license for the ASA. This will allow you to redirect traffic to the IPS for inspection. Second, you will need an IPS signature license to allow you to update the IPS to the latest signature package. In both cases, the serial # that you want to reference when requesting the license keys will be the one found in the "sh version" or "sh inventory" output.
Because the ASA was ordered without the IPS enabled, you will need to take one additional step in order to get the IPS online. Below is a quick overview of the steps:
Visit CCO and download the IPS-SSP_5512-K9-sys-1.1-a-7.1-4-E4.aip software image
Copy the above image to disk0: on the ASA
Issue the following from enable mode on the ASA: sw-module module ips recover configure image disk0:/IPS-SSP_5512-K9-sys-1.1-a-7.1-4-E4.aip
Issue the following from enable mode on the ASA: sw-module module ips recover boot
This will load the latest IPS software onto the 5512
Issue the "show module ips details" command to monitor the status
Once the IPS is in an Up state, you can then issue the "session ips" command to begin the initial configuration
Feel free to PM me the license keys if you want me to check out what you have. Alternatively, you can open up a case with TAC so we can help you out.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...