Cisco Support Community
New Member

Issue Getting AIP-SSM to Scan Traffic

Hi Everyone,

I am very new to working with these devices but am looking for some help in getting the AIP-SSM10 to scan FTP traffic that passes the FW. I have generated the traffic (FTP) and it has been successful, but it doesn't seem to go via the IDS as I get "no processed packets".

Can anyone tell me if I am missing anything? Would be great if someone could help and thanks in advance,

Dan

This is my config:

class-map inspection-AIP-SSM-Cmap
 match access-list AIP-SSM
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map inspection-AIP-SSM-Pmap
 class inspection-AIP-SSM-Cmap
  ips inline fail-close
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
service-policy inspection-AIP-SSM-Pmap interface Process1
service-policy inspection-AIP-SSM-Pmap interface Process2
service-policy inspection-AIP-SSM-Pmap interface Process3
service-policy inspection-AIP-SSM-Pmap interface Information
service-policy inspection-AIP-SSM-Pmap interface Supervisory
service-policy inspection-AIP-SSM-Pmap interface NMS
service-policy inspection-AIP-SSM-Pmap interface Remote-Access
service-policy inspection-AIP-SSM-Pmap interface Outside
prompt hostname context


access-list AIP-SSM; 2 elements; name hash: 0x32415518
access-list AIP-SSM line 1 remark ###ACL for Diverting Traffic to AIP-SSM###
access-list AIP-SSM line 2 extended permit tcp host 10.11.120.99 host 10.11.121.3 eq ftp (hitcnt=6) 0xc2d99a28
access-list AIP-SSM line 3 extended permit ip any any (hitcnt=40488) 0x2972bc2a

1 REPLY
Bronze

Issue Getting AIP-SSM to Scan Traffic

Have you assigned the interface to the virtual-sensor yet?

Try a packet display on the SSM; does it show anything?

You may want to refer to the following guide for a detailed config.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml

Hope this helps.

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta
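
The sensor-side check suggested in the reply, written out as an added example (not part of the original thread or the linked Cisco guide). It assumes the module sits in slot 1, the default virtual sensor vs0 is used, and the backplane sensing interface is GigabitEthernet0/1; lines starting with `!` are annotations, not commands to type.

```cisco
! --- On the ASA: confirm the module is up and the IPS class is seeing packets ---
show module 1 details
show service-policy
!
! --- Open a session from the ASA to the AIP-SSM (slot 1 assumed) ---
session 1
!
! --- On the sensor: check whether the backplane interface is receiving packets ---
show interfaces
!
! --- Assign the sensing interface to the default virtual sensor ---
configure terminal
service analysis-engine
virtual-sensor vs0
physical-interface GigabitEthernet0/1
exit
exit
! (answer "yes" at the apply-changes prompt, then leave configuration mode)
exit
!
! --- Verify: the virtual sensor should now count processed packets ---
show statistics virtual-sensor
packet display GigabitEthernet0/1
```

Because the posted policy uses `ips inline fail-close` with an ACL that ends in `permit ip any any`, all IP traffic on the listed interfaces is dropped whenever the module is unavailable.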