Cisco ASA 5506-X Configuration Manual page 420

Configuration Examples for the ASA IPS module
Serial Number: JAB11370240
Firmware version: 1.0(14)3
Software version: 6.2(1)E2
MAC Address Range: 001d.45c2.e832 to 001d.45c2.e832
App. Name: IPS
App. Status: Up
App. Status Desc: Not Applicable
App. Version: 6.2(1)E2
Data plane Status: Up
Status: Up
Mgmt IP Addr: 209.165.201.29
Mgmt Network Mask: 255.255.224.0
Mgmt Gateway: 209.165.201.30
Mgmt Access List: 209.165.201.31/32
                  209.165.202.158/32
                  209.165.200.254/24
Mgmt Vlan: 20
The following is sample output from the show module ips command for an ASA 5525-X with an IPS
SSP software module installed:
hostname# show module ips
Mod Card Type                                    Model              Serial No.
--- -------------------------------------------- ------------------ -----------
ips IPS 5525 Intrusion Protection System         IPS5525            FCH1504V03P

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
--- --------------------------------- ------------ ------------ ---------------
ips 503d.e59c.6f89 to 503d.e59c.6f89  N/A          N/A          7.1(1.160)E4

Mod SSM Application Name           Status           SSM Application Version
--- ------------------------------ ---------------- --------------------------
ips IPS                            Up               7.1(1.160)E4

Mod Status             Data Plane Status     Compatibility
--- ------------------ --------------------- -------------
ips Up                 Up

Mod License Name      License Status  Time Remaining
--- ----------------- --------------- ---------------
ips IPS Module        Enabled         7 days
Configuration Examples for the ASA IPS module
The following example diverts all IP traffic to the ASA IPS module in promiscuous mode, and blocks
all IP traffic if the ASA IPS module card fails for any reason:
hostname(config)# access-list IPS permit ip any any
hostname(config)# class-map my-ips-class
hostname(config-cmap)# match access-list IPS
hostname(config-cmap)# policy-map my-ips-policy
hostname(config-pmap)# class my-ips-class
hostname(config-pmap-c)# ips promiscuous fail-close
hostname(config-pmap-c)# service-policy my-ips-policy global
The following example diverts all IP traffic destined for the 10.1.1.0 network and the 10.2.1.0 network
to the AIP SSM in inline mode, and allows all traffic through if the AIP SSM fails for any reason. For
the my-ips-class traffic, sensor1 is used; for the my-ips-class2 traffic, sensor2 is used.
hostname(config)# access-list my-ips-acl permit ip any 10.1.1.0 255.255.255.0
hostname(config)# access-list my-ips-acl2 permit ip any 10.2.1.0 255.255.255.0
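
The two examples above differ in exactly the settings that decide what happens to traffic when the module is down (fail-close versus fail-open) and whether the module sits in the forwarding path (inline versus promiscuous). The following audit sketch is an added example, not part of the Cisco guide: it reads policy-map configuration text and reports those settings per class. The policy name my-inline-policy and the function audit_ips_actions are hypothetical, and the inline lines in the sample are constructed from the prose of the second example.

```python
import re

# Constructed sample: the first example's policy lines from the page, plus lines
# written for this sketch from the prose of the second example (inline mode,
# fail-open, sensor1/sensor2). "my-inline-policy" is a hypothetical name.
SAMPLE_CONFIG = """\
hostname(config)# policy-map my-ips-policy
hostname(config-pmap)# class my-ips-class
hostname(config-pmap-c)# ips promiscuous fail-close
policy-map my-inline-policy
 class my-ips-class
  ips inline fail-open sensor sensor1
 class my-ips-class2
  ips inline fail-open sensor sensor2
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strips "hostname(config-...)# "
IPS_ACTION = re.compile(
    r"^ips\s+(inline|promiscuous)\s+(fail-open|fail-close)(?:\s+sensor\s+(\S+))?$")


def audit_ips_actions(config_text):
    """Return one dict per 'ips' action found under a policy-map class."""
    findings, policy, klass = [], None, None
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        words = line.split()
        if not words:
            continue
        if words[0] == "policy-map" and len(words) >= 2:
            policy, klass = words[-1], None      # new policy resets the class
        elif words[0] == "class" and len(words) == 2 and policy:
            klass = words[1]
        match = IPS_ACTION.match(line)
        if match and policy and klass:
            mode, on_failure, sensor = match.groups()
            notes = []
            if on_failure == "fail-open":
                notes.append("traffic passes uninspected if the module fails")
            if mode == "promiscuous":
                notes.append("module inspects a copy; it is not in the forwarding path")
            findings.append({"policy": policy, "class": klass, "mode": mode,
                             "on_failure": on_failure, "sensor": sensor, "notes": notes})
    return findings


if __name__ == "__main__":
    for finding in audit_ips_actions(SAMPLE_CONFIG):
        print(finding)
```
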
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 18: ASA IPS Module
