AAA support on IPS modules

Hello

Does anyone know if/when AAA support will be added to the IPS software?

Thank you

Andrew.

Not a technical reason; just a matter of resources.

Not enough engineers to do all the features, so features have to be prioritized for each version. AAA has not made it to the top of the list of priorities at the moment.

Tags: Cisco Security

Similar Questions

  • Logging in on a 5525 ASA IPS module

    Hi all

    Quick question here. I have a new ASA 5525 - X with IPS module.

    The PPE must be configured as an ID and told me that without fire view management controller, we can apply a license.

    I have also been told that with the 5525, we cannot log in to the module to install the licenses. Please can someone confirm whether I can install the licenses for the module? If so, how can I connect to the IDS to implement this? Is this possible at all?

    Kind regards

    Riou

    What you listed is the legacy model, which is end-of-sale as of April 26, 2015. See this notice.

    They have their own Quick Start Guide here.

    For these legacy IPS modules, you do not have licenses. Instead, your SmartNet contract must be the right kind, one that includes subscription coverage for the IPS signature updates.

    Management of legacy IPS devices is via ASDM/IDM or, for slightly better visibility, through IPS Manager Express (IME). (There is also the option of Cisco Security Manager for the largest deployments.)

    Signature updates and software updates for older IPS modules can be done manually or automatically (assuming that you have a valid support contract which includes the subscription entitlement). Instructions for that are here.

  • High CPU utilization on IPS module

    I have two Cisco ASA5540X firewalls with IPS modules configured in a failover pair.

    Behind this firewall pair (inside) are about 140 hosts that use various web applications, minimal Internet, e-mail (maybe 10 hosts) and a little file sharing/access.

    My IPS is configured for inline analysis, but I noticed that the processor runs at 100% all the time (6 cores). Given that I don't want any traffic bypassing the IPS, my firewall configuration looks like this:

    access-list ips_traffic extended permit ip any any

    access-list ips_traffic extended permit udp any any

    class-map ips_class

    match access-list ips_traffic

    policy-map global_policy

    class ips_class

    IPS inline help

    Why is such high usage on the IPS? What can I do here?

    Hello

    Although I'm not an expert in this particular field, I have installed a handful of them and each of them showed a CPU load of 100%. I was told by our support that CPU load on an IPS is a very inaccurate way to determine the load; it is preferable to use the inspection processing load.

    After more digging, I found this - the issue is addressed in this bug - CSCtl74475

    HTH

    Mike

  • IPS module does not

    Hi, I'm currently running active/standby and sometimes (twice a year) my IPS module goes unresponsive, which triggers a failover. The current status is:

    This host: Secondary - Active

    Other host: Primary - Failed

    and on the primary host: slot 1: ASA-SSM-10 hw/sw rev (1.0/6.1(1)E3) status (Unresponsive/Up)

    I know that I have to go into the module and do hw-module module reset. But I opened a case and got a replacement module. Do I need to power down my primary ASA? It is in failover mode in any case... If I do power down, would it cause any issue to production since I am currently on secondary? Also, I read that the module won't retain or sync config between devices. How can I access the configuration of the IPS module so that I can put it into the new module?

    Thanks for the reply.

    FYI, these questions should be addressed with the CSE assigned to your TAC Service Request where the RMA was arranged. I'll take a shot at answering them, but when you have an active TAC Service Request, you should work with the assigned CSE on questions related to the issue.

    Do I need to power down my primary ASA

    Yes, AIP-SSM sensor modules are not capable of OIR (online insertion/removal). The ASA in which the sensor module is being replaced must be powered down before removing the faulty sensor module and before installing the replacement.

    if I do power down, would it cause any issue to production since I am on secondary right now.

    If the other ASA member of the failover pair is currently active and its sensor module is in place, then powering off the standby ASA unit should not affect traffic.

    I have read that the module won't retain or synch config between devices. how do i access the configuration of the IPS module so that I can put it into the new module?

    Correct, the sensor modules do not inherently synchronize or replicate their configuration (as the ASA units of the failover pair do). If you are able to access the defective sensor module long enough to get a copy of the "show config" command output, you can put that same output into the replacement sensor module.

    Finally, note that the Unresponsive state can be caused by hardware problems. IPS 6.1(1)E3 (which is what you seem to be running) is very old and is no longer directly supported. You need to upgrade to a modern, supported version (7.0(6)E4 or 6.2(4)E4), which contain a lot of bug fixes, some of which correct problems that might otherwise cause the module to become Unresponsive.

  • Abandoning the router IPS Modules?

    I attended an IPS training a few weeks back where the instructor stated that Cisco would be giving up the ability to have IPS modules in routers.  Is this the case?

    Yes, that's right. The NM-IPS was announced EOS/EOL two months ago, but I think that the AIM-IPS for the ISR-G1 has not yet been announced EOS/EOL.

    http://www.Cisco.com/en/us/prod/collateral/vpndevc/ps5729/ps5713/ps2113/...

    Sent from Cisco Technical Support iPad App

  • Recover password of the IPS module (ASA)

    Dear experts,
     
    I have an ASA 5500 series with AIP SSM (IPS module), the username and password are lost.
     
    According to the Cisco portal, there are two approaches to recover the password:
    1. Using the CLI command: hw-module module slot_number password-reset;
    2. Using ASDM --> Tools --> 'IPS Password Reset'.

    I am not sure whether the two approaches achieve the same result (recover the password) or whether they may have different results (i.e. need to reset the module).

    The device is online; resetting the module is not preferred.

    After checking information on the internet, it suggests resetting the IPS module. Will any problem occur if the IPS module is not reset?

    RDG
     
    Anita

    Hi Anita,

    You can try using:

    hw-module module slot_number password-reset

    Which will just reset the IPS to its default username/password:

    cisco and cisco

    You can access the IPS from the ASA CLI:

    session 1

    Then type cisco and cisco (username/password)

    For example, you could add a new password.

    Don't forget to rate and select the correct answer.

  • 2611XM support IOS IPS?

    I have a 2611XM running 12.4(15)T with 256 RAM; will it support the IOS IPS service?

    With Cisco IOS 12.4(15)T, the 2611XM will support the IOS IPS service. The feature set must be an advanced feature set. Cisco IOS IPS acts as an inline intrusion prevention sensor, watching packets and sessions as they flow through the router and scanning each packet to match any of the Cisco IOS IPS signatures. When it detects suspicious activity, it responds before network security can be compromised and logs the event through Cisco IOS syslog messages or Security Device Event Exchange (SDEE).

  • Update to the IPS Module

    I am trying to push an update via TFTP to my IPS module, but am not sure how to cable this.

    ASA internal Int: 10.1.3.1

    ASA IPS Mod: 10.1.9.201

    ASA IPS GW: 10.1.9.1

    Do I have to cable my TFTP server directly to the IPS module, or does it go into the inside interface? I tried both and my TFTP server is not showing any traffic.

    The AIP-SSM module has its own management interface (it is the only Ethernet port on the face of the module). This must be connected to your TFTP server, either directly (through a rollover cable) or through a switch or router.

  • What traffic is copied to the IPS Module?

    We have an ASA5585-X with an SSP-10 module installed that we are testing. The external interface of the firewall is connected to the internet and has a public address. We have installed CSM 4.2 and send IPS events to it.

    After we configured the IPS module, we expected to get a lot of alerts for attacks from the internet, but we see almost nothing.

    The ACL on the external interface does not actually allow much, just some SMTP, DNS, HTTP, SSH.

    My question is this - would the IPS see all the attacks/traffic from the internet or JUST packets that have passed the external ACL?

    I suspect that's why we rarely see alerts - can anyone confirm this?

    Thank you

    //\/\\\

    If traffic was dropped by the ASA, then the IPS will have no visibility into it.

    Kind regards

    Sawan Gupta

  • Physical IPS vs IPS Module

    Hello

    Do you think, from a security expert's point of view, that replacing a physical IPS with a firewall IPS module will be of any benefit?

    any idea which may specify?

    Yes, you can install IPS modules in routers. Take a look at the following presentation to get an idea of what range of devices is available.

    http://www.Cisco.com/en/us/prod/collateral/routers/ps5853/ps5875/prod_presentation0900aecd806ccf26.PDF

    As for your second question, no implementation is strictly good or bad. The situation will dictate what you want to do about the way in which you configure the path to the ISP. My personal preference would be to put a switch between the IPS and the router and configure it accordingly. It gives me a certain flexibility which allows me to plug other devices into the network path, if I find that I need to.

  • Where can I get the license file for the IPS module?

    We just bought an ASA 5515 X with internal IPS module.

    I registered the IPS with Cisco and got a license key.

    However, the IPS module needs a license file (.lic).

    I see nothing in the documentation or the instructions that came with the device about how to get this file. I don't see anything on the Cisco licensing web page.

    Can someone help me?

    Try this

    https://Tools.Cisco.com/swift/LicensingUI/ipsCryptoPage

  • IPS module for the 7200

    Is there an IPS PA for the 7206? Similar to the NM-CIDS. I have searched around and have not been able to find anything. If not, I guess that IOS IPS is the only option?

    Thanks in advance.

    Hello

    These are the modules supported by 7200 at this point of time.

    http://Cisco.com/en/us/products/HW/routers/PS341/products_relevant_interfaces_and_modules.html

    On the service modules you must have

    Map of Service Cisco Catalyst 4500 AGM encryption

    Cisco Compression Service adapter

    Cisco VPN Acceleration Module

    Cisco VPN Acceleration Module 2

    Cisco VPN Acceleration Module 2+

    http://Cisco.com/en/us/products/HW/modules/ps2957/prod_module_series_home.html

    Cisco Catalyst 4500 AGM encryption Service adapter

    I think the option would be to go for the IOS IPS feature set, which can help you meet the requirement you have at your site.

    regds

  • How to configure syslog on the following IPS module?

    Hi all

    We have IPS modules (ASA-SSM-10) installed in Cisco ASA (5520) firewalls and I want to integrate the module with the RSA Envision log management server. Please confirm whether these can be integrated into Envision and how. I am able to get logs from the Cisco ASA by enabling logging on the box. I need to send the logs from this sensor.

    Here are the details of the module:

    Platform: ASA-SSM-10
    Build version: 7.0(4)E4

    OS version: 2.4.30-IDS-smp-bigphys
    Can someone advise me on this?

    Kind regards

    Saurabh Srivastava

    Does the RSA tool support SDEE events?

    If Yes, then it should be simple enough to pull events.

    https://supportforums.Cisco.com/docs/doc-12515

    Kind regards

    Sawan Gupta

  • Do all Cisco ASA 5510s have IPS modules?

    I am new to the use of Cisco networking products. I was given the task of determining whether our company's 5510 and 5505 have IPS/IDS. In doing my research I discovered the 5505 has no IPS/IDS, but you can buy a card, and the 5510 has IPS/IDS modules. How can I determine whether my 5510 has IPS/IDS module(s)?

    Only the new X-series ASAs (but not the 5585) have software modules. On the 5505 and 5510 there are hardware modules. But first, you must get your ASA access in order. You can try different browsers, but also make sure that your Java is up to date.

    Sent from Cisco Technical Support iPad App

  • Does the Web UI Builder support the DSC Module?

    A simple question:

    Can I use the Web UI Builder for web client access to a Windows LabVIEW system with the DSC module, or does this tool support only the basic LabVIEW front panel objects?

    For example: Can I use a web client to review historical data and alarms? Can I use a web client with full support for "The front panel security dialog box" (see http://zone.ni.com/reference/en-XX/help/371618F-01/lvdsc/front_panel_security_db/)?

    Best regards

    Frank

    Hi Frank,.

    Yes, you can use the Web UI Builder to access historical data and view the current alarms. The LabVIEW 2010 version of the ASN has several built-in RESTful web services that make the Citadel and alarm data available via HTTP. Here are some resources that provide details on how it works.

    Interact with Web Module DSC Services

    Here is an example that illustrates how to implement web service at the Citadel communication:

    Communication of data via Web Services in the Web of LabVIEW user interface Builder

    Kind regards

    Mike
