Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ASA SSM IP address

Does the Ip address on the SSM have to be on a seperate subnet from the other interfaces, while running in promiscous mode?

7 REPLIES
Silver

Re: ASA SSM IP address

It can be on any of the subnets you want... We have many across the US and put them on a DMZ with a static IP to a public address..

Re: ASA SSM IP address

Hi,

You can assign any IP, but recommended is IP Address belongs to your Management Vlan or secure subnet (you can even assign unused IP belongs to inside interface segment).

This is because SSM is your IPS module, and you need to allow only trusted/authorized users to access it.

However, pls note that the SSM's default gateway must be in the same subnet as the sensor's IP address or the sensor will generate an error and not accept the configuration change.

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008045a77c.html#wp1031325

Pls rate all useful post(s).

Cheers!

AK

Community Member

Re: ASA SSM IP address

Ok so the SSM acts like a server on the network, although it is a module in the ASA

Silver

Re: ASA SSM IP address

Bingo. The physical port on the AIP-SSM module is for management. The docs are very vaugue about this. THe sensing "port" is connected to the ASA via the blackplane.

HTH

Re: ASA SSM IP address

Yes, it works almost the same like FWSM/IDSM modules in Cat6500, except for the physical management port.

Like mmorris11 said, everything works via backplane, except the mgt port.

Cheers!

Amrih

Community Member

Re: ASA SSM IP address

While setting up the sensor it requires a reboot, will this reboot the entire ASA or just the module itself.

Re: ASA SSM IP address

Only the SSM, not the entire ASA.

280
Views
0
Helpful
7
Replies
CreatePlease to create content