Cisco 5510 - ASA SSL / IPsec VPN Edition Getting Started Manual page 178

ASA 5500 Series

Cisco ASA 5500 Series Getting Started Guide (78-19186-01), Chapter 13, page 13-12

Configuring the AIP SSM

Step 2
To add or edit a policy map that sets the action to divert traffic to the AIP SSM, enter the following commands:

    hostname(config)# policy-map name
    hostname(config-pmap)# class class_map_name
    hostname(config-pmap-c)#

where the class_map_name is the class map from Step 1.

For example:

    hostname(config)# policy-map IPS
    hostname(config-pmap)# class IPS

Step 3
To divert the traffic to the AIP SSM, enter the following command:

    hostname(config-pmap-c)# ips {inline | promiscuous} {fail-close | fail-open} [sensor {sensor_name | mapped_name}]

where the inline and promiscuous keywords control the operating mode of the AIP SSM. See the "Operating Modes" section on page 13-3 for more details.

The fail-close keyword sets the adaptive security appliance to block all traffic if the AIP SSM is unavailable.

The fail-open keyword sets the adaptive security appliance to allow all traffic through, uninspected, if the AIP SSM is unavailable.

If you use virtual sensors on the AIP SSM, you can specify a sensor name using the sensor sensor_name argument. To see available sensor names, enter the ips ... sensor ? command. Available sensors are listed. You can also use the show ips command. If you use multiple context mode on the adaptive security appliance, you can only specify sensors that you assigned to the context (see the "Assigning Virtual Sensors to Security Contexts" section on page 13-9). Use the mapped_name if configured in the context. If you do not specify a sensor name, then the traffic uses the default sensor. In multiple context mode, you can specify a default sensor for the context. In single mode or if you do not specify a default sensor in multiple mode, the traffic uses the default sensor that is set on the AIP SSM. If you enter a name that does not yet exist on the AIP SSM, you get an error, and the command is rejected.

Step 4
(Optional) To divert another class of traffic to the AIP SSM, and set the IPS policy, enter the following commands:

    hostname(config-pmap-c)# class class_map_name2
    hostname(config-pmap-c)# ips {inline | promiscuous} {fail-close | fail-open} [sensor sensor_name]
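
The fail-close/fail-open and sensor choices made in Steps 3 and 4 can be reviewed offline from a saved configuration. The following Python script is an added example, not part of the Cisco guide: it parses policy-map blocks and reports each class whose ips action is fail-open or names no sensor. The sample configuration, the class name IPS2 and the sensor name sensor1 are constructed for illustration, and the one-space indentation per nesting level is an assumption about how the saved configuration is laid out.

```python
import re

# Constructed sample in the indented layout of a saved ASA configuration;
# the names IPS2 and sensor1 are made up for this example.
SAMPLE_CONFIG = """\
policy-map IPS
 class IPS
  ips inline fail-close sensor sensor1
 class IPS2
  ips promiscuous fail-open
policy-map global_policy
 class inspection_default
  inspect dns
"""

# Syntax from Step 3: ips {inline | promiscuous} {fail-close | fail-open} [sensor name]
IPS_RE = re.compile(r"^ips\s+(inline|promiscuous)\s+(fail-close|fail-open)(?:\s+sensor\s+(\S+))?$")

def audit_ips_policies(config_text):
    """Return one record per ips action found under a policy-map class."""
    records, policy, cls = [], None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # a top-level command closes any open policy-map
            policy, cls = (line.split()[-1] if line.startswith("policy-map ") else None), None
            continue
        if policy is None:
            continue
        if line.startswith("class "):
            cls = line.split()[1]
            continue
        m = IPS_RE.match(line)
        if m and cls:
            mode, on_failure, sensor = m.groups()
            findings = []
            if on_failure == "fail-open":
                findings.append("traffic passes uninspected if the AIP SSM is unavailable")
            if sensor is None:
                findings.append("no sensor named, so the default sensor is used")
            records.append({"policy_map": policy, "class": cls, "mode": mode,
                            "on_failure": on_failure, "sensor": sensor, "findings": findings})
    return records

if __name__ == "__main__":
    for rec in audit_ips_policies(SAMPLE_CONFIG):
        print(rec)
```
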


This manual is also suitable for:

ASA 5520, ASA 5540, ASA 5550, ASA 5510