AIP SSC - 5 features

Hi all

I intend to install an AIP-SSC-5 card on my 5505 and would like to know if there are any other hardware, software, or RAM required?

I found that 5505 just needs to run IOS 8.2 with url below:

http://www.Cisco.com/en/us/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-528621_ps6120_Products_Bulletin.html

ciscoasa > view version

Cisco Adaptive Security Appliance Software Version 9.0 (1)

Device Version 7.0 Manager (1)

Updated Saturday, October 26, 12 16:36 by manufacturers

System image file is "disk0: / asa901 - k8.bin.

The configuration file to the startup was "startup-config '.

ciscoasa up to 4 mins 56 dry

Material: ASA5505, 512 MB RAM, 500 MHz Geode Processor,

Internal ATA Compact Flash, 128 MB

BIOS Flash M50FW016 @ 0xfff00000, 2048KB

You have everything you need to run this module.

Tags: Cisco Security

Similar Questions

  • The signing of the AIP SSC-5 updates

    Hello

    When I do an update of the signature on my module AIP-SSC-5 what happens to custom selections, I did. For example, we do not use a software of OS Linux then disable us these analysis. These choices will raise the default values on an update of the signature?

    Thanks, Julio

    Thank you, pls kindly marks the message as answered while others may learn from your post. Thank you.

  • ASA-AIP-SSC-5 is not responding, but the local session works fine.

    I have several Cisco ASA 5505 s with ASA-AIP-SSC-5 IPS modules.  Some of the IPS sensors are sensitive, but others are pretty stubborn and unresponsive.  I can reach each of them through the session 1 of the ASAs SSH host terminal or console.  Is this a problem with the software of os rev currently installed or is it the modules themselves?  Current charge Rev is 6.2 (2).

    There were multiple faults (some critics) set the 3,0000 E4 version of the software that could be the cause here (specifically patches to the mainApp process both sensorApp). A good first step would be to restart properly ("reset") each module, and after they come back online and are running normally, install the upgrade package E4 3,0000.

    Once the upgrade, if this problem persists, please specify "others are pretty stubborn and unresponsive"... they do not meet attempts to connect to remote (SSH and HTTPS), but you can session in them their orders of ASA and cause the host successfully (without error)? How long are up / in line before becoming insensitive? If you the session in one of these modules _when it's unresponsive_ and the version of 'show' command question, mainApp and sensorApp processes appear as 'Running '?

    Software defects side, cause generally seen for sensors going on which are sensor oversubscription. Another thing to keep in mind is that on this particular platform/model (AIP-SSC-5), the signature updates can take quite as long as the most powerful models (which can be seen as the sensor becomes unresponsive).

  • What are different between the IPS and AIP - SSC and AIP - SSM?

    Dear all,

    I'm not clear about the IPS, AIP - SSC and AIP - SSM module which are different?

    Then, when we can use IP addresses?

    When we use the AIP - SSC?

    When we can use AIP - SSM?

    Thus, a different IPS and AIP - SSC and AIP - SSM material or the same material?

    Best regards

    Rechard

    AIP - SSM is an IPS Firewall ASA module.

    IPS is available in different flavors:

    -Device of the IPS 4200 series

    AIP - SSM - module IPS Firewall ASA

    -IDSM2 - IPS module on 6500 series switch

    AIM - IPS - map IPS on router IOS

    Please rate and mark post useful.

  • Cisco ASA AIP SSC-5 (ASA5505)

    Hello

    I read in the new code asa version 8.2 has support for SSC-5 AIP news, dug deeper and it seems that cisco had released the SSC-5 for the firewall ASA5505 AIP... but I don't seem to find a seller to purchase a. Is this map yet available on the market?

    B.regards

    The card was announced and canbe read in the data sheet:

    http://www.Cisco.com/en/us/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6825/product_data_sheet0900aecd80404916.html

    But is not yet available for purchase.

    8.2 ASA was previously published, and then the period allowed for the completion of the production with the final release code.

    Once completed, the SSC-5 will be ordered.

  • Update to SSM40 - has not

    Hello everyone,

    I have a brand new pair of ASA 5540 with SSM40 modules.  I'm trying to update the local software on the SSM 2.  I've been looking around and found a few step by step examples, but I keep getting errors.  The latest version (factory) is 6.0 (6) and I try to go more later from Cisco 6.2 (3).

    SSM01 (config) # update ftp://10.xxx.xx.8/IPS-SSC_5-K9-6.2-3-E4.pkg
    User: anonymous
    Password:
    WARNING: Running this command will apply a software update to the application partition. The system can be restarted to finish the upgrade.
    Continue the upgrade? []: Yes
    Error: execUpgradeSoftware: this package cannot be installed on the platform of the SSM-IPS40, please creditor
    lt the readme for taken platforminformation in charge.

    If someone had the same problem and has a solution I would appreciate the help.

    See you soon

    -mike

    Hello

    The package file, you are referring is not for the AIP-SSM-40, but for the AIP - SSC for the ASA 5505.  This is mentioned in the Release Notes here:

    The IPS-SSC_5-K9-6.2-3-E4.pkg can only be used to upgrade AIP SSC5 sensors.

    http://www.Cisco.com/Web/software/282549758/38029/IPS-6_2-3-E4_readme.txt

    If you try to upgrade the AIP-SSM-40, the latest version should be 4,0000 E4.  This is mentioned in Readme for 4,0000 E4 read:

    SUPPORTED PLATFORMS
    

    The following IPS/IDS platforms are supported:
    
- IPS 4240 Series Appliance Sensor
    
- IPS 4255 Series Appliance Sensor
    
- IPS 4260 Series Appliance Sensor
    
- IPS 4270 Series Appliance Sensor
    
- IDSM2 for Catalyst 6500
    
- AIP SSM-10 for ASA 5500
    
- AIP SSM-20 for ASA 5500
    
- AIP SSM-40 for ASA 5500
    
- AIM IPS for ISR Router
    
- NME IPS for ISR Router
    

    http://www.cisco.com/web/software/282549709/35783/IPS-7_0-4-E4_readme.txt
    

    The file you need for the upgrade is "IPS-K9-7.0-4-E4.pkg", which is available for download here:
    

    http://tinyurl.com/2wsnl9z
    

    Hope this helps!

  • Module of IPS ASA 5505 Cisco ASA-SSC-AIP-5 Auto Update

    Automatic update no longer work after November 14, 2014

    Cisco Intrusion Prevention System, Version 5,0000 E4, SSC-AIP-5

    Error: automatic update has selected a package ([https:[email protected] / * *///swc/esd/11/273556262/guest/IPS-sig-S838-req-E4.pkg) to the cisco.com Locator service, however, the package download failed: the host is not approved. Add TLS certificates approved of the host system.

    Automatic update can work without problem until November 14, 2014.

    I've added welcomes guests of tls trust

    # tls trust-facilitators
    72.163.4.161
    72.163.7.60

    Always faced with the same question

    Understand the Signature Update feature works automatic Cisco IPS

    http://www.Cisco.com/c/en/us/support/docs/security/IPS-sensor-software-version-71/113674-IPS-automatic-signature-update-00.html

    SPI uses the file transfer

    protocol defined in the file download data learned in the server manifest URL (currently using HTTP

    TCP (80)).

    The problem I see is that earlier before 14 nov it fetch the file signature with HTTP (works fine)

    but now, he's trying with HTTPS instead.

    A single session against 72.163.4.161 (have always been the HTTPS)

    A single session against 72.163.7.60, previous HTTP now it uses the HTTPS protocol

    Does anyone have a solution?

    fix.

    the problem with the location service should be set right now and you can continue to use the auto-update http

  • ASA ips feature

    I want to ask you what the works of IPS on ASAs functionality.

    There all the signatures, or it is limited?

    Perfect me if Iam wrong if I say that I needed module AIM for ips work on the asa. If Iam right, so why AIM has only 1 ethernet interface. This means that I am not follow 1 vlan?

    Thank you very much.

    The ASA-SSM-AIP-10 or ASA-SSM-AIP-20 according to the ASA modules is required for full monitoring of IPS features. The IPS on the MSS software is the same as for devices and other modules IPS. It uses the same software and signature updates. (Except for the image of the main system which has a few extra things to allow installation on the SSM)

    Without the ASA-SSM-AIP, the Software ASA itself has a set of very limited signatures that can be monitored. The signatures set is the same as in the previous version of the Pix Firewall.

    As for the single port on the ASA - SSM. This port is not a monitoring port. The port is the port command and control and has an IP address so that you can telnet, ssh or web browse to the sensor, so you can manage. The real follow-up is done on an internal interface connected inside firewall basket. The ASA can be configured through its policy to send packets through the SSM for the analysis of the IPS. Politics on the SAA can be configured for the IPS to monitor packets histocompatibility or inline.

    The SAA can be configured to send all or part of the packets through the firewall to monitor by the IPS of code that runs on the MSS.

    Since the external port is not a monitoring port that DFS may not be configured to control packets that do not go through the ASA. Packets must pass through the ASA ASA copy these packages through internal backplane to the SSM for analysis.

  • AIP - SSM

    Hello

    Scenario of

    2 networks

    outside the network ALL

    inside the 192.168.1.0 network

    How can I simulate the work of AIP - SSM at the back of the firewall?

    My version.

    test access extended list permits all ip 192.168.1.0 255.255.255.0

    the class map test

    match name of group-access test

    the policy-map test

    the class test

    IPS inline help

    Expected that all comments

    Thank you

    Leo

    My expertise lies in the IPS and not the firewall. My knowledge of the firewall is quite limited in what it takes to get the packages to the SSM.

    SO I'm not sure what the ACL are applied before the decryption or after decryption.

    If you want to know at what stage the ACL are applied, you need post a message on the forum of firewall.

    I was just trying to show that all firewall features (whatever they are) would be on the package before sending it to the SSM with the exception of encryption and the final drive.

  • WLC4402, SSC 4.0, EAP FAST with ACS 4.1.23 and Active Directory

    Hi all

    I have a problem where my client software SSC (Cisco Secure Services)-wireless on laptops don't will authenticate the windows domain users if they enter the user name and passwords manually. The unique signature feature will not work. I am using EAP-FAST. It is an ACS appliance based server that I restored from the recovery CD.

    When I look at the failure of authentication request I can see that she is trying to send [email protected] / * / during an attempt to SSO on. The log shows that it is a bad user name or password. Note that the end of the domain name is missing.

    I can see the authentication attempt in the log of the remote agent (CSWINagent.log) on the domain controller, so I don't know that it sends the connection request to the domain controller. The Remote Agent is the same version as the ACS server. When I authenticate successfully (manually) it sends not the domain part of the user.

    This is a new installation. Initially, I had 2 remote agents, both on the service domain controllers has been run under an account with sufficient privileges windows domain administrator. After a planned turn off weekend windows authentication has stopped working completely. I found a post in this forum that says to use the local system to start the remote agent service. This led windows authentication to life, but now I have this problem. I don't know that until I changed it the manual connection is also required in domain (IE user domain\username). I can't be sure that this is the case!

    Can anyone help me to get windows AD to accept these credentials, because they are sent to the client connection? Otherwise if I can make it work with the user account, he worked with initially then that would be great.

    Thank you very much

    As you mentioned that SSC transmits the username "[email protected] / * /" in SSO.

    Is what I think for the moment, to use the feature of Distribution of Proxy on ACS.

    that is, demand to come as it is "[email protected] / * /', let's make ACS Stip off"@domaine"and"username"to RA for AD verification."

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/NetCfg.html#wp342969

    After stripping '@domaine' send the request back to the ACS it itself, i.e. in the column forward to, ensure that we have input of the ACS.

    And let me know if it works for you?

    Kind regards

    Prem

  • The ACE IPS Cisco and Cisco ASA AIP - SSM (IPS)

    Is there a difference between the features offered by the Cisco ACE IPS and Cisco ASA AIP - SSM (IPS) devices?

    Can we do without Cisco ASA AIP - SSM (IPS) of 'only' configuration/implementation Cisco ACE IPS.

    Cisco AVS/ACE emphasis on commissioning and to secure web-based applications. IP addresses do not focus on just the web applications and trying to get the multiple layers of the OSI stack. Consider the IPS as a general practitioner and the ACE/AVS as an eye surgeon, or something :)

    Here is the response from Cisco itself:

    http://www.Cisco.com/en/us/prod/collateral/modules/ps2706/ps6906/prod_qas0900aecd8045867c_ps6492_Products_Q_and_A_Item.html

    Q: how is Cisco AVS Firewall application differs from an intrusion prevention system (IPS)?

    A. IPSs are solid solutions of protection against targeted attacks of known vulnerabilities in major platforms such as Windows, Solaris, Apache or Microsoft Internet Information Services (IIS). Cisco AVS excels to protect against targeted attacks Web sites or enterprise applications. These applications can be built custom internal applications or software vendor. Signatures and security patches are generally not available for these types of applications, and building these security levels in each application, it would be almost impossible.

    Q: how is Cisco AVS Firewall application differs by a network firewall?

    A. The Cisco AVS 3120 and Firewall network such as the Firewall of Cisco PIX® and Cisco ASA 5500 Series Adaptive Security appliances are complementary products. The application Cisco AVS Firewall secures Web applications; excellent network in the network security firewall. and the Cisco AVS provides defense in depth for Web applications.

    Firewall network apply policy networks, IP addresses and ports; they have a wide range of application for many different protocols layer features. The firewall can and will be deployed in many locations, including the edge, edge of the enterprise network, branch, etc. Cisco AVS imposed the policy on data HTTP as URL, headers and parameters. Cisco AVS is deployed in the data center in front of Web applications

    Concerning

    Farrukh

  • Configuration of AIP SSM to monitor only

    Hi all

    We bought an AIP-SSM-20 for our ASA5520. Is there a way to enable the IPS feature, but not block anything, i.e. just record events? It's just to see if any legitimate business traffic will be blocked.

    Thank you!

    Jacques

    Set the ASA to send traffic to IP addresses in promiscuous mode by using the following command in a sheet of policy:

    IPS hostname(config-pmap-c) # {inline | promiscuity} {failure-closing |}

    rescue} [sensor {sensor_name | mapped_name}]

    http://www.Cisco.com/en/us/docs/security/ASA/asa80/Getting_started/asa5500/quick/guide/aipssm.html

    Geroge

  • The AIP - SSM to unused ASA connection interface

    Hi people,

    Perhaps, someone has already raised this issue, but I was unable to find anything relevant. We have an ASA with an unused interface (gig0/3). The sensor of the AIP - SSM is physically connected to this interface with the following IP settings:

    Sensor (192.168.2.2/30,192.168.2.1)---interface ASA (192.168.2.1/30)

    It's basically point to point connectivity, and I can reach the ASA of the sensor and the other way around.

    This design is dictated by the lack of a free port on the switch.

    Technically, it should work without any problems, but I can't seem to be able to reach the sensor. There is a switch between my PC and the sensor and the switch has the corresponding static route added. I can reach the switch sensor.

    Is there a security feature hidden I don't know that prevent communication with the sensor.

    And ACL of the sensor allows the traffic to all networks (0.0.0.0/0)

    With the sensor acl set to 0.0.0.0/0, the sensor must be allowing connectivity.

    You can use the 'View of package' command on the sensor to look at packets on the interface command and control to see if the packets are what makes the sensor.

    You say that you have a static route on your switch for the switch reach your sensor. Do you know if your PC is configured to use the switch as the computer's default router. If the PC is to use a different default router, then the other router should also the static route.

    The other possibility is that the SAA itself can be deny traffic.

    Since this is an ASA connected to the MSS interface, the traffic must be routed through the ASA. Standard firewall rules apply to this traffic. The security level of the interfaces can prevent traffic, and an ACL may be necessary in order to allow the circulation of your PC be routed to the SSM.

    NOTE: If you don't want to have to worry about roads, the other alternative is to make the network between the ASA and SSM to be an isolated network that only 2 machines know.

    You can then use PAT static to map a port on the inside of the ASA interface with the address of the SSM 443 https port and map a second port of the SAA within the interfaces to the address of the SSM SSH port.

    How your home PC would simply plug the ASA IP using these specific ports and the ASA would do the translation of port and transmit on the MSS.

    The SSM address could also be dynamically PAT would have on the SAA within the address, so SSM could start the connection to other machines on the inside network.

    Another alternative if you have addresses available on your inside network IP is to use static NAT instead of PAT. And just go forward and has the ASA statically map an IP network on IP of the SSM on the network that only the ASA and the SSM inside could know.

    In both cases the network between the ASA and SSM would not routable at, and you wouldn't have to worry of reproducing static routes anywhere.

    SIDE NOTE: A separate network for the SSM you Becase you will also need to NAT or PAT address of the SSM for the ASA to outside interface. In this way the SSM will be able to connect to Internet to download cisco.com auto updates, and/or pull overall correlation of servers cisco information. It's probably the same configuration that you would already other internal addresses, and just to be sure, you cover the SSM since you have it on a separate subnet.

  • Problem with installing new card online 7600-SSC-400

    Hi all

    I have a problem when you try to install the new card online 7600-SSC-400 on Cisco 6509. Here was the message is displayed on the screen after I finished installing the card online: "% C6KPWR-SP-4-No supported: no power management module into the connector 7, unauthorized: the image of the card is not packaged in image." I tried to install this card online on another site, but it does not work. The substantive position's logfile which I recorded in the installation session. I don't know what I should do now, please help me solve this problem!

    Thank you very much

    Hieu

    Your IOS image should be characteristic of 'Advanced IP Services' configured to run the IPSEC-SPA module. You are running "Services IP".

    Here is the URL for your reference:

    http://www.Cisco.com/en/us/docs/switches/LAN/catalyst6500/IOS/12.2SXF/native/release/notes/features.html#wp2782875

    Hope that helps.

  • ASA5510 and AIP-SSM-10 module in promiscuous mode

    Hello

    I have a 5510 ASA with the AIP-SSM-10 and want to use just like an ID in promicuous mode.

    ASA 5510: ASA version 7.0 (8)

    AIP-SSM-10: IPS version 5,0000 E2

    At this point, we would like to configure a single interface of ASA to send traffic to the agreement in principle for the inspection of IDS (and continue to use our firewalls third existing). Is this possible?

    The following discussion gives to think this isn't:

    https://supportforums.Cisco.com/message/957351

    22.1.100.2/28 I have it configured on the interface Eth0/0 (outside) and 10.5.100.3/24 on the AIP - SSM management interface and switchports (Cisco 6509) have been configured by SPAN.

    Thanks for your advice in advance.

    Kind regards

    Lay

    You are right. Unfortunately, module AIP on ASA firewall does not listen on traffic SPAN. If you want that SPAN ports, then you can use the IPS (IPS 4200 series appliance) appliance that supports the SPAN traffic to inspect.

    PIX is also a firewall, not a feature of IPS, which cannot be used as an IPS device.

Maybe you are looking for

  • How to install on Debian 8 Tbird

    I want to install Tbird, not Icedove, on 8 Debian, but get failures. The most recent is "XPCOMGlueLoad error for file /home/frank/thunderbird/libxul.so: libXcomposite.so.1: cannot open shared object file: no such file or directory was not able to loa

  • No sensor fingerprint on my Qosmio X 300-12 H?

    Hello I bought my Qosmio X 300-12 H on 3d this month in the United Kingdom and just found that it doesn't have a fingerprint sensor.As shown in the pictures on the site Web of Toshiba and the user manual book, fingerprint sensor should be two touch p

  • Windows vista update hung up

    I have a Dell 1051 running windows Vista Home Basic.  It worked fine until this morning.  It is stuck on the configuration of windows update 3 of 3.  It keeps restarting and saying the same thing.  I tried to start in safe mode, but it is trying to i

  • Media disconnected on Acer Asipre One

    How can I reconnect my 'media' to access my wireless router? I tried to release and renew through the command prompt window but impossible because "no operation can be performed on wireless network connection while it has its media disconnected." I h

  • Matshita dvd-ramuj-850 s dose not read or write or read a dvd

    driver is disabled indevice manager filter device driver is corrupt or class-specific-filterdriver are missing or corrupt.driver is not assigned to a drive letter-media in the cd/dvd drive is not readable, this device is faced with a problem that it