Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

New deployment with ASA & AIP-SSM module

Hi guys and gals,

I'm thinking of deploying an ASA with IPS module AIP-SSM at my perimeter. I'm going to use Cisco IPS Manager Express (IME) to monitor the IPS to monitor the ASA. I have no plans on deploying an IDS device.


Question: Is IME designed to send notification about threats? What are some of the setups in your network? (Just poking with the last question.)

thx..

1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

Re: New deployment with ASA & AIP-SSM module

IME is designed just to monitor IPS (whether it is IPS appliance, AIP-SSM module on ASA, or other IPS module). IME is not capable on monitoring ASA.

IME can provide email notification on events which are being triggered on the IPS, while IPS itself can't. IME can also keep all the events triggered by the IPS, while IPS buffer is pretty small, therefore if you have huge events, the buffer gets overwritten pretty quickly.

Here is more information on IME if you are interested:

http://www.cisco.com/en/US/products/ps9610/index.html

2 REPLIES
Super Bronze

Re: New deployment with ASA & AIP-SSM module

IME is designed just to monitor IPS (whether it is IPS appliance, AIP-SSM module on ASA, or other IPS module). IME is not capable on monitoring ASA.

IME can provide email notification on events which are being triggered on the IPS, while IPS itself can't. IME can also keep all the events triggered by the IPS, while IPS buffer is pretty small, therefore if you have huge events, the buffer gets overwritten pretty quickly.

Here is more information on IME if you are interested:

http://www.cisco.com/en/US/products/ps9610/index.html

New Member

Re: New deployment with ASA & AIP-SSM module

You can always change the buffer size and there's probably a way to syslog those events. Halijen thanks for you reply and it was very helpful.

260
Views
0
Helpful
2
Replies