Cisco ASA 5506-X Configuration Manual page 407

Chapter 18 ASA IPS Module
If you have an inside router
If you have an inside router, you can route between the Management 0/0 network, which includes both
the ASA and IPS management IP addresses, and the inside network. Be sure to also add a route on the
ASA to reach the Management network through the inside router.
IPS Default
Gateway
If you do not have an inside router
If you have only one inside network, then you cannot also have a separate management network. In this
case, you can manage the ASA from the inside interface instead of the Management 0/0 interface. If you
remove the ASA-configured name from the Management 0/0 interface, you can still configure the IPS
IP address for that interface. Because the IPS module is essentially a separate device from the ASA, you
can configure the IPS management address to be on the same network as the inside interface.
Management PC
Proxy or DNS Server
(for example)
You must remove the ASA-configured name for Management 0/0; if it is configured on the ASA, then
Note
the IPS address must be on the same network as the ASA, and that excludes any networks already
configured on other ASA interfaces. If the name is not configured, then the IPS address can be on any
network, for example, the ASA inside network.
What to Do Next
•
Proxy or DNS Server (for example)
ASA gateway for Management
Router
Management
Management PC
IPS Default Gateway
Layer 2
Switch
Management 0/0
Configure basic network settings. See
ASA
Outside
Inside
IPS
Management 0/0
ASA
Inside Outside
IPS
(IPS only)
Configuring Basic IPS Module Network Settings, page
Cisco ASA Series Firewall CLI Configuration Guide
Configuring the ASA IPS module
Internet
Internet
18-11.
18-9