Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5505 IDS Promiscuous setup

Hi , i need the comunity help in this matter.

I ordered a IPS module to a small ASA to replace a Snort IDS Server.
I want only to perform IDS and reporting (not inline)

The design (simplified) is

Drawing1.jpg

The problem is that i read this morning that ASA cannot handle this type of scenario, it can only analyse the traffic that is passing through it.

Is there a chance to make this work ?

Thanks.

Everyone's tags (6)
1 REPLY
Cisco Employee

ASA 5505 IDS Promiscuous setup

Hello Adrian,

Please have a look in a guide how to configure SSM in promiscuous mode, it should work as you expect.

http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_ssm.html

thanks

581
Views
0
Helpful
1
Replies