I sold two quantity of ASA5585-S40-K9 to a customer. They are in HA configuration and running 9.1 software image. Now customer wants to have IPS functionality on these ASA devices. I need your help on following two points:
1. Can you please share the BOM to add the IPS functionality on these existing ASA devices?
2. Can the IPS functionality thus added work on Active-Active? Kindly help me understand.
As far as I know the IPS funtionality in 5585-x is only supported through SSP modules and the mentioned model has this module installed in it. The license you need for the IPS funtionality for 1 year can be achieved through the following part number:
You can use the following part number for signature update:
You can extend the time for IPS functionality up to 5 years and signature update up to 3 years.
Regarding A/A configuration, there is no obstacle and you can implement IPS functionality using virtual sensors.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...