Hi,
you need to do couple of things to get this to work.
1. Configuration on ASA to forward the traffic to the module
2. Chose whether you are going to plug the IPS in inline/promiscious mode
3. Configure the IPS module
Configuring ASA to forward the traffic to the module:-
access-l IPS permit ip any any
class-IPS
match access-list IPS
policy-map global-policy
class IPS
IPS inline/promiscious fail-open/fail-close
When you do this ASa is configured to send the traffic to the module.
Now you need to get in to the IPS
you can get in to the through CLI on ASA:-
do session 1
it will ask you for username and password
both are cisco by default
run the command setup
and it will walk you through the initial configuration of the sensor.
once the sensor is configured
log in to the IDM
and need to go to configuration>> policies and assign vs0 to the backplane interface of the module so that sigs come in to the act of the traffic.
you can connect the module in front of the IPS to the switch vlan where the other interface exist from where you want to see this traffic and want ips to come into act.
Suppose you want to apply the IPS on inside network
ASA inside interface ip:-192.168.1.1
Module ip:-192.168.1.3/192.168.1.1
Here the gateway for the module is the ASA inside interface.
now all the traffic going outbound or coming in from the inside itnerface will be monitored by the IPS.
now connect the ethernet interface of the module to the same vlan on switch where your inside interface is connected.
Now you can even manage the IDM of the IPS just like you manage the ASDM for the ASA, you just need to have your host/network allowed to gain access to it.
Thanks
