- Cisco asa aip ssm 10 how to#
- Cisco asa aip ssm 10 software#
- Cisco asa aip ssm 10 password#
- Cisco asa aip ssm 10 series#
! Current configuration last modified Mon Mar 23 21:46:47 2009 !- Out-of-the-box default configuration includes !- the service-policy global_policy applied globally. !- Out-of-the-box default configuration includes !- policy-map global_policy. Policy-map type inspect dns preset_dns_map Snmp-server enable traps snmp authentication linkup linkdown coldstart !- Access lists are applied to the interfaces.Īccess-group acl_outside_in in interface outsideĪccess-group acl_inside_in in interface inside !- Access lists are added in order to allow test !- traffic (ICMP and Telnet).Īccess-list acl_outside_in extended permit icmp any host 172.16.1.50Īccess-list acl_inside_in extended permit ip 10.2.2.0 255.255.255.0 anyĪccess-list acl_dmz_in extended permit icmp 192.168.1.0 255.255.255.0 any !- IP addressing is added to the default configuration.
Cisco asa aip ssm 10 password#
Additions are noted in the configuration.Įnable password 2KFQnbNIdI.2KYOU encrypted
Both the ASA and AIP-SSM start with a default configuration but have specific changes made for testing purposes. They are RFC 1918 addresses which have been used in a lab environment. The IP addressing schemes used in this configuration are not legally routable on the Internet.
Note: Use the Command Lookup Tool ( registered customers only) in order to obtain more information on the commands used in this section. In this section, you are presented with the information to configure the features described in this document. Refer to Cisco Technical Tips Conventions for more information on document conventions. If your network is live, make sure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration.
The information in this document was created from the devices in a specific lab environment.
Cisco asa aip ssm 10 series#
Note: This configuration example is compatible with any Cisco ASA 5500 Series Firewall with OS 7.x and later and the AIP-SSM module with IPS 5.x and later.
Cisco asa aip ssm 10 software#
The information in this document is based on these software and hardware versions:ĪIP-SSM-10 with IPS software version 6.1.2 Necessary configuration components for AIP-SSM (IPS software 6.x) include network setup, allowed hosts, interface configuration, signature definitions, and event action rules. Necessary configuration components for ASA 8.x include interfaces, access-lists, network address translation (NAT), and routing.
Cisco asa aip ssm 10 how to#
This document assumes that the audience has a basic understanding of how to configure Cisco ASA software version 8.x and IPS software version 6.x. Note: For more information on initial Configuration of AIP-SSM, refer to Initial Configuration of the AIP-SSM Sensor. So if you divert the IPv6 traffic to the AIP SSM through ASA, it is not supported. Note: Modular Policy Framework used by the ASA in order to classify traffic for inspection does not support IPv6. An example of traffic not sent to the IPS module includes pinging (ICMP) the ASA interfaces or Telnetting to the ASA. Network traffic sent to and from the ASA is not sent to the IPS module for inspection. Note: Network traffic that traverses the ASA includes internal users who access the Internet or Internet users who access resources protected by ASA in a demilitarized zone (DMZ) or inside network. Refer to Assigning Virtual Sensors to a Security Context (AIP SSM Only) for more information on how to send network traffic that passes through the Cisco ASA 5500 Series Adaptive Security Appliance (ASA) in multiple context mode to the Advanced Inspection and Prevention Security Services Module (AIP-SSM) (IPS) module. Refer to ASA: Send Network Traffic from the ASA to the CSC-SSM Configuration Example in order to send network traffic from the Cisco ASA 5500 Series Adaptive Security Appliance (ASA) to the Content Security and Control Security Services Module (CSC-SSM). Configuration examples are provided with the command line interface (CLI). This document provides a sample configuration for how to send network traffic that passes through the Cisco ASA 5500 Series Adaptive Security Appliance (ASA) to the Advanced Inspection and Prevention Security Services Module (AIP-SSM) (IPS) module.