upgrading IPS strings, ASA SSM-10 module

saidfrh
Level 1

I am having a challenging time upgrading the ASA SSM-10 IPS module. I downloaded the IPS-sig-s327-req-e1.pkg to a Win XP FTP server (my workstation). The instructions in the following do not work: http://download-sj.cisco.com/cisco/ciscosecure/ips/6.x/sigup/IPS-sig-S327.readme.txt

"error: execUpgradeSoftware : Connect failed". Any suggestion would be appreciated.

chickman
Level 1

My suggestion to you would be this: Use the IDM provided with the system. It is a lot easier for people unfamiliar with the IPS in CLI mode.

You can access this device via a webpage, "https://IPADDRESS", and modify it like this. I do have to point out that the IPS limits this connectivity out of the box. You'll want to modify this access-list to include the IP address you're connecting from. Also, you'll want to ensure the HTTPS service is enabled, and on port 443 for ease of use. All of this will need to happen initially in the CLI.

Once you're in the IDM you'll want to select "Configuration". From here scroll down to the update section. You'll select "update is located on this client" and you're golden. You can simply upload your latest signature from the XP machine.

I can connect the LAN switch directly to the inside interface of the ASA5510 firewall. Hosts can get Internet connectivity while cabled to the switch. However, when the LAN switch is connected to the port on the IPS module, there is no Internet connectivity. Any suggestions would be appreciated. The following is the sh configuration and sh int output.

sh configuration

Version 5.1(6)

! Current configuration last modified Sat Apr 05 12:28:11 2008

! ------------------------------

service interface

exit

! ------------------------------

service analysis-engine

virtual-sensor vs0

physical-interface GigabitEthernet0/1

exit

exit

! ------------------------------

service authentication

exit

! ------------------------------

service event-action-rules rules0

exit

! ------------------------------

service host

network-settings

host-ip 192.168.1.36/24,192.168.1.10

host-name ips

telnet-option enabled

access-list 0.0.0.0/0

exit

time-zone-settings

offset 0

standard-time-zone-name UTC

exit

exit

! ------------------------------

service logger

exit

! ------------------------------

service network-access

exit

! ------------------------------

service notification

exit

! ------------------------------

service signature-definition sig0

exit

! ------------------------------

service ssh-known-hosts

exit

! ------------------------------

service trusted-certificates

exit

! ------------------------------

service web-server

exit

ips# sh interfaces

Interface Statistics

Total Packets Received = 6806

Total Bytes Received = 2001784

Missed Packet Percentage = 0

Current Bypass Mode = Auto_off

MAC statistics from interface GigabitEthernet0/1

Interface function = Sensing interface

Description =

Media Type = backplane

Missed Packet Percentage = 0

Inline Mode = Unpaired

Pair Status = N/A

Link Status = Up

Link Speed = Auto_1000

Link Duplex = Auto_Full

Total Packets Received = 6807

Total Bytes Received = 2001866

Total Multicast Packets Received = 0

Total Broadcast Packets Received = 0

Total Jumbo Packets Received = 0

Total Undersize Packets Received = 0

Total Receive Errors = 0

Total Receive FIFO Overruns = 0

Total Packets Transmitted = 6807

Total Bytes Transmitted = 2017118

Total Multicast Packets Transmitted = 0

Total Broadcast Packets Transmitted = 0

Total Jumbo Packets Transmitted = 0

Total Undersize Packets Transmitted = 0

Total Transmit Errors = 0

Total Transmit FIFO Overruns = 0

MAC statistics from interface GigabitEthernet0/0

Interface function = Command-control interface

Description =

Media Type = TX

Link Status = Down

Link Speed = N/A

Link Duplex = N/A

Total Packets Received = 126

Total Bytes Received = 14255

Total Multicast Packets Received = 0

Total Receive Errors = 0

Total Receive FIFO Overruns = 0

Total Packets Transmitted = 1

Total Bytes Transmitted = 64

Total Transmit Errors = 0

Total Transmit FIFO Overruns = 0

I'm not too sure what you mean by "connected to the port on the IPS." The port on your SSM is merely a management port. It is not anything that would interfere with network connectivity.

Please advise on your cabling. You should still connect up as you would normally. Here is what a config of the ASA should look like:

hostname(config)# access-list IPS permit ip any any

hostname(config)# class-map my-ips-class

hostname(config-cmap)# match access-list IPS

hostname(config-cmap)# policy-map my-ids-policy

hostname(config-pmap)# class my-ips-class

hostname(config-pmap-c)# ips inline fail-open

hostname(config-pmap-c)# service-policy my-ids-policy global ** Or whatever your main service policy is **

I took this directly from the CISCO AIP setup. http://www.cisco.com/en/US/docs/security/ips/5.1/configuration/guide/cli/cliSSM.html

I hope this is what you were needing. Please let us know if it is not.

Also, were you able to update your signature??

Yes, thank you.
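
An audit check for the sensor configuration posted in this thread, which shows `telnet-option enabled` and `access-list 0.0.0.0/0` under `service host`. This is an added example, not part of any post above; the sample text is constructed in the `show configuration` layout, and the function names and the `max_hosts` threshold are assumptions.

```python
import ipaddress

# Constructed sample in the layout of `show configuration` output.
SAMPLE_CONFIG = """\
service host
network-settings
telnet-option enabled
--MORE--
access-list 0.0.0.0/0
exit
exit
! ------------------------------
service web-server
exit
"""

def host_settings(config_text):
    """Collect telnet-option and access-list values from the `service host` section."""
    settings = {"telnet": None, "acl": []}
    in_host = False
    for raw in config_text.splitlines():
        line = raw.strip()
        # Skip blanks, `!` comment/separator lines and pager prompts caught in a capture.
        if not line or line.startswith("!") or line == "--MORE--":
            continue
        if line.startswith("service "):
            in_host = line == "service host"
            continue
        if not in_host:
            continue
        key, _, value = line.partition(" ")
        if key == "telnet-option":
            settings["telnet"] = value.strip()
        elif key == "access-list":
            settings["acl"].append(ipaddress.ip_network(value.strip(), strict=False))
    return settings

def audit(config_text, max_hosts=256):
    """Return findings about management-plane exposure (max_hosts is an assumed threshold)."""
    settings = host_settings(config_text)
    findings = []
    if settings["telnet"] == "enabled":
        findings.append("telnet-option enabled: management sessions are unencrypted")
    for net in settings["acl"]:
        if net.num_addresses > max_hosts:
            findings.append(f"access-list {net} lets {net.num_addresses} addresses reach management")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Paste the captured `show configuration` text in place of `SAMPLE_CONFIG`; an empty result means Telnet is off and every management ACL entry covers at most `max_hosts` addresses.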
