Cisco Support Community
New Member

How can I test my IPS?

Hello,

I have 2 5520 ASAs in Active/standby mode; they both have the AIP-10 modules installed with 7.0(6).E4 installed.

How can I test it is all working? Can I fire any test scripts through the ASA to trigger an alert and see that it gets blocked?

Also, how do I keep these two IPS modules in sync? I have to make changes on one then the other all the time.

Thanks

6 REPLIES
Cisco Employee

To test the IPS functionality, you can enable signature# 2000 (echo-reply) and 2004 (echo-request) and ping across the ASA. You should get those 2 triggered as a test.

With the IPS modules in ASA active/standby mode, unfortunately the configuration will not be synced automatically and there is a bit of manual work involved to get the config synchronized. The IPS modules are standalone unfortunately.

Cisco Employee

Also make sure the signatures 2000 and 2004 are unretired besides enabling them. In recent versions they have been retired.

    qssp-8083(config-sig-sig)# stat
    qssp-8083(config-sig-sig-sta)# sh set
       status
       -----------------------------------------------
          enabled: false
          retired: true

Madhu

New Member

We can't use the echo one for testing as we have some important monitoring servers that will have issues. Is there any other way we can test if the IPS modules are blocking?

Cisco Employee

You can create a custom signature and block, for example, telnet traffic going through the ASA. You just have to specify the TCP port within the custom signature. Or you can configure any other ports for testing purposes.

New Member

To create a custom rule for Telnet, can I use the Cisco IPS ME? I would like to block 192.168.9.11 from telnetting to 172.30.1.1.

Thanks

Cisco Employee

You can create a custom signature (engine string TCP), specify the telnet port, and configure a regex. When it detects the regex settings that you specify, it will trigger the signature.
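
The custom String TCP signature described in the replies above, sketched as a sensor CLI session. This is an added example, not part of the original thread: the prompt name `sensor`, signature ID 60000, the signature name, the marker string `IPS-TEST-MARKER` and the chosen event actions are constructed for illustration, and the command names follow the IPS 7.x CLI as an assumption to confirm against the configuration guide for your release.

```text
sensor# configure terminal
sensor(config)# service signature-definition sig0
sensor(config-sig)# signatures 60000 0
sensor(config-sig-sig)# sig-description
sensor(config-sig-sig-sig)# sig-name Telnet test marker
sensor(config-sig-sig-sig)# exit
sensor(config-sig-sig)# engine string-tcp
sensor(config-sig-sig-str)# event-action produce-alert|deny-connection-inline
sensor(config-sig-sig-str)# direction to-service
sensor(config-sig-sig-str)# service-ports 23
sensor(config-sig-sig-str)# regex-string IPS-TEST-MARKER
sensor(config-sig-sig-str)# exit
sensor(config-sig-sig)# status
sensor(config-sig-sig-sta)# enabled true
sensor(config-sig-sig-sta)# retired false
sensor(config-sig-sig-sta)# show settings
sensor(config-sig-sig-sta)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes?[yes]: yes
```

Typing the marker string inside a telnet session that crosses the ASA should then raise signature 60000 in the event store, and the inline deny only takes effect when the ASA sends that traffic to the module in inline mode. Because the modules do not sync, the same signature has to be entered on the standby module as well.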
