10-03-2006 10:47 AM - edited 02-21-2020 01:12 AM
Does the Ip address on the SSM have to be on a seperate subnet from the other interfaces, while running in promiscous mode?
10-03-2006 11:41 AM
It can be on any of the subnets you want... We have many across the US and put them on a DMZ with a static IP to a public address..
10-03-2006 05:01 PM
Hi,
You can assign any IP, but recommended is IP Address belongs to your Management Vlan or secure subnet (you can even assign unused IP belongs to inside interface segment).
This is because SSM is your IPS module, and you need to allow only trusted/authorized users to access it.
However, pls note that the SSM's default gateway must be in the same subnet as the sensor's IP address or the sensor will generate an error and not accept the configuration change.
Pls rate all useful post(s).
Cheers!
AK
10-05-2006 06:36 AM
Ok so the SSM acts like a server on the network, although it is a module in the ASA
10-05-2006 08:00 AM
Bingo. The physical port on the AIP-SSM module is for management. The docs are very vaugue about this. THe sensing "port" is connected to the ASA via the blackplane.
HTH
10-05-2006 08:06 PM
Yes, it works almost the same like FWSM/IDSM modules in Cat6500, except for the physical management port.
Like mmorris11 said, everything works via backplane, except the mgt port.
Cheers!
Amrih
10-06-2006 05:52 AM
While setting up the sensor it requires a reboot, will this reboot the entire ASA or just the module itself.
10-06-2006 10:50 AM
Only the SSM, not the entire ASA.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide