Table of Contents
Advertisement
Chapter 13
Configuring the AIP SSM
Step 3
Assigning Virtual Sensors to Security Contexts
Note
Step 1
Step 2
78-19186-01
When you are done configuring the AIP SSM, exit the IPS software by entering
the following command:
sensor# exit
If you sessioned to the AIP SSM from the adaptive security appliance, you return
to the adaptive security appliance prompt.
If the adaptive security appliance is in multiple context mode, then you can assign
one or more IPS virtual sensors to each context. Then, when you configure the
context to send traffic to the AIP SSM, you can specify a sensor that is assigned
to the context; you cannot specify a sensor that you did not assign to the context.
If you do not assign any sensors to a context, then the default sensor configured
on the AIP SSM is used. You can assign the same sensor to multiple contexts.
You do not need to be in multiple context mode to use virtual sensors; you can be
in single mode and use different sensors for different traffic flows.
To assign one or more sensors to a security context, perform the following steps:
To enter context configuration mode, enter the following command in the system
execution space:
hostname(config)# context name
hostname(config-ctx)#
To assign a virtual sensor to the context, enter the following command:
hostname(config-ctx)# allocate-ips sensor_name [mapped_name] [default]
Enter this command for each sensor you want to assign to the context.
The sensor _name argument is the sensor name configured on the AIP SSM. To
view the sensors that are configured on the AIP SSM, enter the allocate-ips ?
command. All available sensors are listed. You can also enter the show ips
command. In the system execution space, the show ips command lists all
available sensors; if you enter it in the context, it shows the sensors you already
Cisco ASA 5500 Series Getting Started Guide
Configuring the AIP SSM
13-9
Hide quick links:
Advertisement
Table of Contents
