03-13-2010 07:32 AM - edited 03-10-2019 04:55 AM
Hi,
AIP SSM 20 is up and running not able to login through ASDM or browser, and not able direct the traffic to IPS module through asa command line intrestingly not able to see ips command in policy map. if some one can guide me how to get it work.
Please find the IPS Module status. and some commands for your observation.
ASA-5520# sh module
Mod Card Type Model Serial No.
--- -------------------------------------------- ------------------ -----------
0 ASA 5520 Adaptive Security Appliance ASA5520 JMX1345L1UG
1 ASA 5500 Series Security Services Module-20 ASA-SSM-20 JAF1343AKHQ
Mod MAC Address Range Hw Version Fw Version Sw Version
--- --------------------------------- ------------ ------------ ---------------
0 0026.cb49.1033 to 0026.cb49.1037 2.0 1.0(11)5 8.2(1)
1 0026.cba2.b9a2 to 0026.cba2.b9a2 1.0 1.0(11)5 7.0(2)E3
Mod SSM Application Name Status SSM Application Version
--- ------------------------------ ---------------- --------------------------
1 IPS Up 7.0(2)E3
Mod Status Data Plane Status Compatibility
--- ------------------ --------------------- -------------
0 Up Sys Not Applicable
1 Up Up
ASA-5520#
no command ips inline command
ASA-5520# conf t
ASA-5520(config)# class-
ASA-5520(config)# class-map route-to-ips
ASA-5520(config-cmap)# m
ASA-5520(config-cmap)# ma
ASA-5520(config-cmap)# mat
ASA-5520(config-cmap)# match an
ASA-5520(config-cmap)# match any
ASA-5520(config-cmap)# exit
ASA-5520(config)# ploi
ASA-5520(config)# poli
ASA-5520(config)# policy-map ips-policy
ASA-5520(config-pmap)# cla
ASA-5520(config-pmap)# class route-to-ips
ASA-5520(config-pmap-c)# class route-to-ips ?
mpf-policy-map mode commands/options:
<cr>
configure mode commands/options:
<cr>
ASA-5520(config)# class route-to-ips
ASA-5520(config-cmap)# ?
MPF class-map configuration commands:
description Specify class-map description
exit Exit from MPF class-map configuration mode
help Help for MPF class-map configuration commands
match Configure classification criteria
no Negate or set default values of a command
rename Rename this class-map
ASA-5520(config-cmap)# ip?
configure mode commands/options:
ip ipsec ipv6
ASA-5520(config-cmap)# ips
ASA-5520(config-cmap)# ipsec ?
configure mode commands/options:
df-bit Set IPsec DF policy
fragmentation Set IPsec fragmentation policy
security-association Set security association parameters
transform-set Define transform and settings
ASA-5520(config-cmap)# ips inline fa
ASA-5520(config-cmap)# ips inline
^
ERROR: % Invalid input detected at '^' marker.
ASA-5520(config-cmap)# ips inline fail-close
^
ERROR: % Invalid input detected at '^' marker.
ASA-5520(config-cmap)# ips ?
configure mode commands/options:
df-bit Set IPsec DF policy
fragmentation Set IPsec fragmentation policy
security-association Set security association parameters
transform-set Define transform and settings
ASA-5520(config-cmap)#
ASA-5520(config-cmap)# sho ips
Sensor Name Sensor ID
----------- ---------
vs0 1
ASA-5520(config-cmap)# sh ver
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"
Regrads
Rama
03-15-2010 11:56 AM
Rama,
First, PLEASE understand, if you would like help, you should make it easy for folks to see your information clearly.
The text you pasted in below is full of syntax errors that busy folks don't have time to sort through.
Also using a fixed space font (courier, or courier new) will help align the details as-well.
I found that running I.E. with Java version pre 1.6 works VERY well.
Hope this helps!
Frank
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: