Cisco Support Community
Community Member

IPS setup question

I have an ASA 5545X with the internal IPS module.

The IP address of the IPS module is on the management network (management interface) (192.168.108.x), and during setup of the IPS, I specify the default gateway as either the management interface of the ASA or the IP of the downstream switch.

The IPS module will have to communicate with the Internet for updates, and I will have to remotely manage it.

So here is my question:

When the IPS module attempts to contact hosts on the Internet, what path does it follow? Does it go out the management interface, through the downstream switch, and then to the inside interface of the ASA, and out to the web?

If so, do I need to modify the ACL on the inside interface to allow the IPS module out? What ports will need to be open? 443? 80?

Then, if I try to contact this IPS module, and the management interface is set to "management-only", how do I get in? (I assume this limits access to the management network 192.168.108.x)

Any advice would be great

1 REPLY
Cisco Employee

Re: IPS setup question

Hi Colin,

These docs cover your questions:

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a0080bd5d03.shtml

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a0080bd5d00.shtml

HTH

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"

http://www.cisco.com/web/partners/tools/pdihd.html
