Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPS configuration promiscus mode(fail-open) assistance/troubleshooting

Hi all ,

I have 2 ASA configured in active/standby failover mode. I want to configure IPS in promiscus mode with fail-open configuration.

i have not connected IPS with any pc through magmt port.

I can access IPS through ASA(5520) using session 1 and able to do basic configuration using setup.

after configuring when i try to login through ASA ASDM(IPS tab on home page of ASA ASDM) it ask for ip(managment or other ip).. I am trying to access the IPS with ip(192.168.3.74) configured in IPS using initial setup (192.168.3.74/27, 192.168.3.65) and also added access-list allowing 192.168.3.0/24.

ASA inside ip subnet:192.168.3.64/27

ASA DMZ ip subnet: 192.168.1.0/24

let me know if i need to assign IPS ip from dmz range or inside range?

Do i need to setup same IP for IPS in both ASA module?

Let me know if i can connect to IPS from ASA ASDM using some ip(192.168.3.74) configured through setup on 443 port.?

What access-list i should add in IPS or ASA if required?

While setting up IPS 1st time using setup command i am not able to see the unused/monitored interface(g0/1) so that i could add both interface, which should show as per cisco doc. what may be the reason?

IPS 6.0

ASA(5520) 7.24

ASDM 5.24

Regards

Amardeep

1 REPLY

Re: IPS configuration promiscus mode(fail-open) assistance/troub

You need to configure the interface properly and plug it in the network.

The second interface is displayed different in the AIP-SSM, as  this is a logal/internal connection to the ASA.


Regards

Farrukh

656
Views
0
Helpful
1
Replies