Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Changing IPS from promiscous mode to Inline mode

Hi Experts,

We are changing our IPS (aip-ssm10) mode of operation from promiscous to Inline mode. Is there any caveats or anything i need to take into consideration before doing the switch? Is there a possibility to roll back incase something doesn't go the way we planned?

I look forward to your responses.

VIP Purple

Re: Changing IPS from promiscous mode to Inline mode

changing from promiscous to inline and back is done with the ips-command in the ASA MPF-config. So if you run into problems you can easily switch back.

What you should do before changing to inline:
- check your alerts for false positives and eliminate them first.
- if you can't eliminate all, make sure that the risk-rating doesn't exeed the threshold for the automatic deny-action if configured.
- and of course keep monitoring your events after the switch to inline.

Sent from Cisco Technical Support iPad App

Don't stop after you've improved your network! Improve the world by lending money to the working poor:
New Member

Changing IPS from promiscous mode to Inline mode

Thanks Karsten.

CreatePlease to create content