Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to enable IPS/IDS in ASA ?

Hi,

I got a AIP SSM-20 for asa 5520.I am very new to this product.I have gone through few documents and understood how to redirect traffic from ASA to AIP-SSM.

I dont have clear idea on

1) How to access AIP-SSM through ASDM.

2) Is it possible to assign an ip to AIP-SSM from my inside interface LAN.

3) Is it required connect to management interface of the AIP-SSM to any switch(LAN).

4)How to control(Allow or Block) traffic.Since i am not very familiar with IDS/IPS , i want allow all the traffic but capture the logs of the aatck.

Can you take me through(Links to the documention site) step by step configuration which would place IDS/IPS in my network.

Thanks in advance.

Everyone's tags (1)
2 REPLIES
New Member

Re: How to enable IPS/IDS in ASA ?

Hi Uthay,

Plz find our response below.

1) How to access AIP-SSM through ASDM.

  • You need to configure the IP for the AIP-SSM first

2) Is it possible to assign an ip to AIP-SSM from my inside interface LAN.

  • Yes. It is possible to assign the IP address for the AIP-SSM & it should be reachable from the network

3) Is it required connect to management interface of the AIP-SSM to any switch(LAN).

  • Yes. If not you cannot access the device using GUI & SSH from the external host.

4)How to control(Allow or Block) traffic.Since i am not very familiar with IDS/IPS , i want allow all the traffic but capture the logs of the aatck.

Can you take me through(Links to the documention site) step by step configuration which would place IDS/IPS in my network.

  • By Default AIP-SSM will not support the syslog as like ASA. So download the Cisco IPS Manager   Express, it will be used to collect all your IPS logs and you can verify the same. It has report feature where you can get the below

               * TOP ATTACKER REPORT

               * TOP VICTIM REPORT

               * TOP SIGNATURE REPORT  & More.

Let us know the update once you had configured. Good luck

New Member

How to enable IPS/IDS in ASA ?

Hi ycs chennai,

i want allow all the traffic but capture the logs of the attack but can i do this configure through GUI?

i am not familar with ids CLI...i want all traffic only in detect mode...

suhas B

16547
Views
0
Helpful
2
Replies