Noob question - does the ASA55xx & AIP-SSM inspect HTTPS or SSL?

So far, all I can find on the ASA's inspection is an application inspection for the HTTP CONNECT request that transports you into the universe of HTTPS (SSL). Vendors who can inspect SSL usually boast about it and must devote at least a chapter of the User Guide to the management of certificates and keychains. Right now, I guess that unless the inbound traffic is from an SSL VPN client, there won't be much inspection going on. THX

The reason there is not much on HTTPS inspection is that the device must perform a man-in-the-middle to be able to inspect encrypted HTTPS traffic. Typically, a vendor that inspects HTTPS traffic would have the device's certificate presented to the user in order to inspect HTTPS, not the end web server's certificate.

Both Cisco IronPort WSA and Cisco ScanSafe support the inspection of HTTPS web traffic for anti-malware, anti-spyware, and web filtering.

Hope that answers your question.

Tags: Cisco Security

Similar Questions

  • Service policy rules on the ASA AIP-SSM

    Hello forumers,

    I have an ASA with AIP-SSM. I want to protect the private LAN from attacks from the Internet.

    I would like to check the meaning of the ACL in ASDM under Firewall > Service Policy Rules.

    1. Am I right to set source: outside interface, destination: 172.16.0.2

    or 2. destination value: 10.10.0.0/16

    Thank you

    Noel

    To answer your request simply: just build your service policy with the IP address that is seen by the firewall. If the IP addresses 10.10.0.0/16 are NATed on the router to 172.16.0.2, then all IP addresses hitting the firewall will be 172.16.0.2, so make your destination 172.16.0.2; otherwise, if the NATing is on the firewall for 10.10.0.0/16, then point the destination to 10.10.0.0/16.

  • Block P2P software using the ASA-AIP-SSM-20 module

    Hello

    I have a question about blocking P2P traffic on the ASA AIP module. I've searched the forums and all I could find were solutions using regex, port blocking, MPF, but no example of an implementation on the AIP.

    Could someone point me in the right direction please?

    Thank you very much

    Martin

    Hello

    You can find all the associated P2P signatures at:

    http://Tools.Cisco.com/Security/Center/home.x

    Search using Signatures, p2p, all. Then you can tune the respective signatures to your needs.

    SPSP

  • Getting started: ASA5520 w/ AIP-SSM

    I'm trying to deploy an ASA5520 for a customer. I have no problem with the firewall implementation piece, but I don't know where to start with the IPS piece.

    I searched a bit on the ASA55XX & AIP-SSM, but can't seem to find much on what to do with the AIP-SSM beyond the initial setup.

    Can someone point me to some beginner IPS documentation that focuses on the AIP-SSM?

    Thank you

    Jeff

    In my view, there is a lack of documentation on how to get the IPS module to work with the ASA. It would be nice if there was a single document on how to get the IPS module working with the ASA.

    Start with the IPS documentation. It covers how to configure the IPS module itself: assign a management IP address, set the admin password, etc.

    http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids12/index.htm

    Then go to the ASA documentation on how to configure the ASA to send traffic to the IPS (via a service-policy):

    http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids11/cliguide/clissm.htm#wp1033926

    There is a free Cisco IPS Event Viewer for monitoring events on the IPS. It can be downloaded from the Cisco IPS software download page.

    Finally, read the SAFE whitepaper on IPS deployment and tuning.

    http://www.Cisco.com/en/us/NetSol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a00801bc111.shtml

    I hope this helps. Remember to rate useful posts. Thank you!

  • Reloading the AIP-SSM

    Does reloading the AIP-SSM module affect the ASA?

    Exactly. If you don't have a policy map using the SSM module, then you can reload the SSM module and it does not affect the traffic passing through the ASA. To give you more information, here is a link on how to configure the ASA to use the SSM module:

    http://www.Cisco.com/univercd/CC/TD/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/SSM.htm#wp1050744

    Hope that helps.

    Kind regards

    Maryse.

  • AIP-SSM-20 upgrade

    Trying to upgrade an AIP-SSM-20.

    We have 2 ASAs in a failover configuration; the upgrade on the secondary AIP-SSM-20 was a success.

    On the primary AIP-SSM-20, we get the following error when trying to upgrade via FTP from the same server that we updated the secondary SSM module from:

    execUpgradeSoftware: permission denied

    The current version is 1,0000 E1, trying the 4,0000 E1 upgrade.

    We tried when the module is active and when it's not... same error in both cases. Doesn't seem to be an FTP user error, since we get a different error when we deliberately mistype the user or password.

    Our SSM user has administrator privileges (cisco default user) and we tried restarting the SSM... no luck.

    Does anyone have any idea on this?

    Thank you

    John Stemke

    I don't know if the error is generated by the sensor itself or by the FTP server.

    To find out, try running a packet sniffer on the FTP server, or the 'packet' command on the sensor CLI for the command and control interface.

    Run the upgrade command and see if an FTP connection is actually attempted by the sensor.

    If no FTP connection is attempted, then the error would be from the sensor itself, and it would seem that the user doesn't have admin permissions (which doesn't seem to be your case from what you wrote).

    If the FTP connection is attempted, then the error is probably coming from the FTP server. Look at the packets you captured and see if an error is coming from the FTP server. The problem may be a permissions issue on the file on the FTP server. The FTP directory or the file itself may not have read permission.

    You can also try an FTP from your own desktop to the same FTP server, using the same user and password used for the sensor, and see if you can download it to your own desktop.

    As a workaround to get your sensor updated while you work on this authorization problem later, copy the upgrade to your desktop.

    Run IDM and use IDM to push the upgrade from your desktop directly to the sensor.

  • AIP-SSM in cluster

    Hello

    We have an ASA failover cluster, with 2 IPS, one AIP-SSM in each ASA. Is there a way to configure the IPS modules in cluster mode like the ASA, or to have a configuration that is mirrored between them?

    Thank you very much.
    Best regards, Antonello.

    Antonello;

    Configuration mirroring between the AIP-SSMs is not currently available. You can emulate this process by copying the current configuration of the active AIP-SSM to an FTP server, editing the configuration to remove the host-specific details (IP address, etc.) and then copying this configuration to the standby AIP-SSM.

    Another option would be to invest in Cisco Security Manager (CSM) and create a shared policy that is applied to the two AIP-SSMs.

    Scott

  • ASA AIP-SSM configuration replication

    People,

    Does the AIP-SSM replicate its configuration to the other AIP-SSM in the active/standby ASA?

    I mean, when I change the configuration on the active AIP-SSM, will the change be replicated to the other AIP-SSM?

    Thank you

    Yes, unfortunately all the IP addresses are the same. Configuration is duplicated automatically from 1 unit to the other.

    Please kindly mark the message as answered if you have no other questions. Thank you...

  • Do I need two AIP-SSM modules if I'm in a failover configuration?

    Is it possible to use a single AIP-SSM module in two ASAs that are configured in active/standby?

    I would like to configure the module in the first ASA with the failover setting. Then, if the first ASA fails, I could physically remove the AIP-SSM module and place it in the second ASA.

    Would there be problems configuring it this way?

    Would the active/standby ASAs complain that there is only one AIP-SSM module?

    Thanks in advance.

    Hello

    You must have an AIP-SSM in both ASAs in order to be able to run failover; without it, failover will not come up (because of hardware incompatibility).

    Kind regards

    Julio

  • ASA 5520 with AIP-SSM

    Dear all,

    I'm in the process of implementing the product in the title above for one of our clients.

    I am very familiar with the firewall configuration, but the AIP-SSM module is something I'm doing for the first time.

    Please, I need your help to do the configuration.

    Is it possible to configure it using ASDM? If yes, please give me the steps and procedures to complete the work.

    Thanks in advance

    Swamy

    Hi S,

    Very easy:

    Connect to the ASA, enter enable mode and then connect to the IPS via the command "session 1".

    You are then connected to the console of the IPS. Enter the username "cisco" and the password "cisco" and run the setup program for the basic config (IP address etc.). After that, you can either connect directly to the IPS via a web browser or through ASDM.

    Then I recommend you read the IPS setup guide, as it can be very intense (configuring/tweaking signatures etc.).

    I hope this helps!

    See you soon

    JC

  • Cisco ACE IPS and Cisco ASA AIP-SSM (IPS)

    Is there a difference between the features offered by the Cisco ACE IPS and Cisco ASA AIP-SSM (IPS) devices?

    Can we do without the Cisco ASA AIP-SSM (IPS) by 'only' configuring/implementing the Cisco ACE IPS?

    Cisco AVS/ACE focuses on deploying and securing web-based applications. IPS does not focus on just web applications and tries to cover multiple layers of the OSI stack. Consider the IPS as a general practitioner and the ACE/AVS as an eye surgeon, or something :)

    Here is the response from Cisco itself:

    http://www.Cisco.com/en/us/prod/collateral/modules/ps2706/ps6906/prod_qas0900aecd8045867c_ps6492_Products_Q_and_A_Item.html

    Q: How does the Cisco AVS Application Firewall differ from an intrusion prevention system (IPS)?

    A. IPSs are solid solutions for protection against targeted attacks on known vulnerabilities in major platforms such as Windows, Solaris, Apache or Microsoft Internet Information Services (IIS). Cisco AVS excels at protecting against targeted attacks on Web sites or enterprise applications. These applications can be custom-built internal applications or vendor software. Signatures and security patches are generally not available for these types of applications, and building these security levels into each application would be almost impossible.

    Q: How does the Cisco AVS Application Firewall differ from a network firewall?

    A. The Cisco AVS 3120 and network firewalls such as the Cisco PIX® Firewall and Cisco ASA 5500 Series Adaptive Security Appliances are complementary products. The Cisco AVS Application Firewall secures Web applications; network firewalls excel at network security; and the Cisco AVS provides defense in depth for Web applications.

    Network firewalls apply policy to networks, IP addresses and ports; they have a wide range of application-layer features for many different protocols. Firewalls can and will be deployed in many locations, including the Internet edge, the enterprise network edge, branches, etc. Cisco AVS enforces policy on HTTP data such as URLs, headers and parameters. Cisco AVS is deployed in the data center in front of Web applications.

    Regards

    Farrukh

  • Connecting the AIP-SSM to an unused ASA interface

    Hi people,

    Perhaps someone has already raised this issue, but I was unable to find anything relevant. We have an ASA with an unused interface (gig0/3). The AIP-SSM sensor is physically connected to this interface with the following IP settings:

    Sensor (192.168.2.2/30, 192.168.2.1) --- ASA interface (192.168.2.1/30)

    It's basically point-to-point connectivity, and I can reach the ASA from the sensor and the other way around.

    This design is dictated by the lack of a free port on the switch.

    Technically it should work without any problems, but I can't seem to be able to reach the sensor. There is a switch between my PC and the sensor, and the switch has the corresponding static route added. I can reach the sensor from the switch.

    Is there a hidden security feature I don't know about that prevents communication with the sensor?

    And the sensor's ACL allows traffic from all networks (0.0.0.0/0).

    With the sensor ACL set to 0.0.0.0/0, the sensor should be allowing connectivity.

    You can use the 'packet display' command on the sensor to look at packets on the command and control interface and see if the packets are making it to the sensor.

    You say that you have a static route on your switch for the switch to reach your sensor. Do you know if your PC is configured to use the switch as the computer's default router? If the PC is using a different default router, then that other router would also need the static route.

    The other possibility is that the ASA itself may be denying the traffic.

    Since this is an ASA interface connected to the SSM, the traffic must be routed through the ASA. Standard firewall rules apply to this traffic. The security level of the interfaces can prevent traffic, and an ACL may be necessary in order to allow traffic from your PC to be routed to the SSM.

    NOTE: If you don't want to have to worry about routes, the other alternative is to make the network between the ASA and the SSM an isolated network that only the 2 machines know about.

    You can then use static PAT to map a port on the ASA's inside interface to the SSM's address on the HTTPS port 443, and map a second port on the ASA's inside interface to the SSM's address on the SSH port.

    Your PC would then simply connect to the ASA's inside IP using these specific ports, and the ASA would do the port translation and forward to the SSM.

    The SSM address could also be dynamically PATed to the ASA's inside address, so the SSM could initiate connections to other machines on the inside network.

    Another alternative, if you have IP addresses available on your inside network, is to use static NAT instead of PAT. Just go ahead and have the ASA statically map an IP on the inside network to the SSM's IP on the network that only the ASA and the SSM know about.

    In both cases the network between the ASA and the SSM would not be routable at all, and you wouldn't have to worry about replicating static routes anywhere.

    SIDE NOTE: Because you have a separate network for the SSM, you will also need to NAT or PAT the SSM's address to the ASA's outside interface. That way the SSM will be able to connect to the Internet to download cisco.com auto updates, and/or pull global correlation information from Cisco's servers. It's probably the same configuration that you would already have for other internal addresses; just make sure you cover the SSM, since you have it on a separate subnet.

  • Cannot remove an application (Dropbox) - it says it's open; have tried moving it to the trash etc.

    Unable to delete an application (Dropbox) - it says that it is open. Tried to move it to the trash from Finder, etc. I can't find an icon etc. to open it?

    Open Spotlight (it looks like a magnifying glass, at the top right) to launch Spotlight, and then type Dropbox to open Dropbox.

  • Silverlight does not work in Internet Explorer 8; when I try to install it, it says the application is already installed.

    What can I do to fix this?

    Silverlight does not work in Internet Explorer 8; when I try to install it, it says the application is already installed, but it does not appear in the Add/Remove Programs dialog box. What can I do to fix this?

    Thank you for your help

    JH

    I was able to install it; I downloaded the Silverlight installer again and it took.

    Thanks for your help

    JH

  • I have an error that says "the application-specific permission settings do not grant local activation permission for the COM Server application w/ CLSID (BA 126ADI-2166-11 D 1-B1D0-0008 (OSFC1270))"

    The error indicates that the application-specific permission settings do not grant local activation permission for the COM Server application with CLSID (BA 126ADI-2166-11 D 1 - BLM - OO8 OSFC127OE) to the user NT Authority / Network Service SID (S-1-5-20). The error message says it can be changed using the Component Services administrative tool. I can't tell what to do when I get to the admin tools. Can you help me?

    Hi mildrednorcross,

    1. When exactly do you receive this error message?

    2. Is your computer connected to a server or a domain?

    If your computer is on a domain network, your question will be better suited for the IT Pro TechNet audience. Please post your question in the TechNet forum for assistance:

    http://social.technet.Microsoft.com/forums/en/itproxpsp/threads

    Hope this information helps.
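The ASA-side configuration discussed in the "Getting started" thread (a service-policy that sends traffic to the IPS) and in the "unused ASA interface" thread (an isolated /30 to the sensor with static PAT for management and dynamic PAT for updates), as one added example that is not code from the original forum posts. It assumes the pre-8.3 ASA NAT syntax of the 7.2 guide linked above; the interface names inside, outside and ssm-mgmt, the security level and the ports 8443/2222 are assumptions, while 192.168.2.1/30 and 192.168.2.2 are the addresses from the thread.

```text
! Added example (not from the thread). Pre-8.3 ASA NAT syntax is assumed,
! matching the 7.2 configuration guide linked above. Interface names
! (inside, outside, ssm-mgmt), the security level and the ports 8443/2222
! are assumptions; 192.168.2.1/30 and 192.168.2.2 are the thread's addresses.
!
! 1. "Policy map using the SSM": divert all traffic through the AIP-SSM inline.
!    fail-open = traffic keeps flowing uninspected while the module is down
!    or reloading; fail-close would drop it instead.
access-list IPS-TRAFFIC extended permit ip any any
class-map IPS-CLASS
 match access-list IPS-TRAFFIC
policy-map global_policy
 class IPS-CLASS
  ips inline fail-open
service-policy global_policy global
!
! 2. Isolated /30 between the unused gig0/3 and the sensor's command and
!    control port. Nothing else on the network needs a route to 192.168.2.0/30.
interface GigabitEthernet0/3
 nameif ssm-mgmt
 security-level 50
 ip address 192.168.2.1 255.255.255.252
!
! 3. Static PAT: the sensor's HTTPS (443) and SSH (22) are reached as
!    <inside interface address>:8443 and :2222 from hosts on the inside.
!    inside (100) -> ssm-mgmt (50) is higher-to-lower security, so no extra
!    ACL is needed unless an inbound access-group on inside already limits it.
!    The sensor still sees the PC's real source IP, so its own ACL must allow it
!    (the thread's sensor ACL is 0.0.0.0/0).
static (ssm-mgmt,inside) tcp interface 8443 192.168.2.2 443 netmask 255.255.255.255
static (ssm-mgmt,inside) tcp interface 2222 192.168.2.2 22 netmask 255.255.255.255
!
! 4. Dynamic PAT to the outside address so the sensor can fetch signature
!    auto-updates and global correlation data (the "SIDE NOTE" above).
global (outside) 1 interface
nat (ssm-mgmt) 1 192.168.2.2 255.255.255.255
!
! Checks:
!   show module 1 details      -> module status and IPS software version
!   show service-policy        -> packets diverted to the IPS
!   show xlate                 -> the static/dynamic translations above
!   hw-module module 1 reload  -> reloads the sensor (thread "Reloading the
!                                 AIP-SSM"); with the policy in step 1,
!                                 traffic passes uninspected during the reload
```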
