Licensing Module AIP SSM issue

Similar Questions

• Module AIP - SSM hung

  Hello

  I recently confgured my module AIP-SSM-40 in my firewall that is configured in HA(Active/Standby). It was working fine. Then, I upgraded the version of the image to IPS, 2.0000 E3.

  It worked fine for a week. Then I found that the secondary firewall was in a State of secondary failure. My AIP - SSM in the secondary firewall fails.

  I couldn't connect the AIP - SSM with command session 1. Display the order watch module

  Model serial number of map mod
  --- -------------------------------------------- ------------------ -----------
  0 ASA 5520 Adaptive Security Appliance, ASA5520

  1. ASA 5500 Series Security Services Module-40 ASA-SSM-40

  MAC mod Fw Sw Version Version Version Hw address range
  --- --------------------------------- ------------ ------------ ---------------
  0 0021.a09a.d1bb for 0021.a09a.d1bf 2.0 1.0 (11) 5 8.0 (4)
  1 0023.5e15.f6c8 to 0023.5e15.f6c8 1.0 1.0 (14) 5

  The Application name of the SSM status Version of the Application of SSM mod
  --- ------------------------------ ---------------- --------------------------

  Data on the State of mod aircraft compatibility status
  --- ------------------ --------------------- -------------
  0 to Sys does not apply
  1 does not not Applicable

  at the end of the failover see command shows

  Slot 1: ASA-SSM-40 rev hw/sw (1.0 /) status (does not/high)

  I suspect module SSM is having the problem. Is it possible to recover.

  Try to stop and reset the module using this command from the ASA:

  HW-module module 1 reset

• -Renewal-license module CSC SSM

  Recently, my existing CSC SSM module license expired & I need to know the necessary steps & product ID to renew expired CSC SSM license module hosted on ASA-SSM-20 device:

  Tip,

  The system was laid off with Base & more license, 500 users.

  Yes, it's at the BASE and MORE.

  Please check the question as answered if that's the case, so that others can benefit from in the future.

  Take care

  PK

• silly question on module aip - ssm

  When the aip ssm module is in inline mode. fact the package first analyzed by the aip ssm module or it is first checked by the firewall rules if it is allowed and then sent to the aip ssm module.

  can someone throw some light on this.

  concerning

  Sushil

  All firewall rules are applied prior to sending the packets of the SSM.

  So if the package will be deleted by a firewall rule, the package will not be sent to the SSM.

  If the package will be changed by a firewall rule, then the change will be before being sent to the SSM.

  There are two exceptions, and this is the encryption and final release of the package.

  Encryption occurs after they are sent to the SSM, so SSM always sees a unencrypted traffic (where the ASA is encryption tunnel endpoint).

  And of course send the package by the SAA through external sound interfafes happens after the sending of the SSM.

  In the case of promiscuity, followed by the SSM, encryption and pass arrive just after that a copy is sent to the SSM.

  In the case of the line followed by the SSM, encryption and transmit occur only after that the SSM has completed the analysis and the package was not refused by the SSM.

• New deployment with the ASA and AIP - SSM module

  Hi guys and girls,

  I think to deploy an ASA with IPS module AIP - SSM to my perimeter. I'm going to use / * Style Definitions * / table. MsoNormalTable {mso-style-name : « Table Normal » ; mso-tstyle-rowband-taille : 0 ; mso-tstyle-colband-taille : 0 ; mso-style-noshow:yes ; mso-style-priorité : 99 ; mso-style-qformat:yes ; mso-style-parent : » « ;" mso-rembourrage-alt : 0 à 5.4pt 0 à 5.4pt ; mso-para-margin : 0 ; mso-para-marge-bottom : .0001pt ; mso-pagination : widow-orphelin ; police-taille : 11.0pt ; famille de police : « Calibri », « sans-serif » ; mso-ascii-font-family : Calibri ; mso-ascii-theme-font : minor-latin ; mso-fareast-font-family : « Times New Roman » ; mso-fareast-theme-font : minor-fareast ; mso-hansi-font-family : Calibri ; mso-hansi-theme-font : minor-latin ; mso-bidi-font-family : « Times New Roman » ; mso-bidi-theme-font : minor-bidi ;} Cisco IPS Manager Express (IME) to monitor the IP addresses to monitor the ASA. I have no plans on deploying a device IDS.

  Question: The IME is designed to send notices to the subject of threats? What are some of the configurations in your network? (Just prick with the last question.)

  THX...

  IME is designed only for IPS monitor (whether it be IPS appliance, module AIP - SSM on ASA or other module IPS). IME is not able on the control of ASA.

  EMI can provide advice by email about events which are fires on the IPS, while the IPS itself cannot. EMI may also keep all the events triggered by the IPS, while SPI buffer is small enough, that so if you have huge demonstrations, the buffer gets replaced pretty quickly.

  Here is more information about IME, if you are interested:

  http://www.Cisco.com/en/us/products/ps9610/index.html

• where connect AIP - SSM 10 MODULE INTERFACE

  Hello

  We have CISCO ASA 5520 model with Module AIP - SSM 10 IPS, I'm new to IPS,

  1. I do not know where to connect from this port module (connectivity) another port it should connect to any router interface or L3?

  2. which IP address to use, it should be accessible network IP or customer?

  3 and the functioning of the IPS. ?

  with kindness is - anyone can guide me.

  Hello

  You will need the credentials of EAC by means of which you should be able to connect to www.cisco.com

  SPSP

• Do I need two AIP - SSM modules if I'm failover configuration?

  Is it possible to use a single module AIP - SSM in two ASA that is configured in active / standby?

  I would like to configure the module in the first ASA with the relief setting.  Then, if the ASA first fails, I could physically remove the module AIP - SSM and place it in the second ASA.

  Would there be problems, configure it in this way?

  Would be the active / standby ASA complaining that there is that one module AIP - SSM?

  Thanks in advance.

  Hello

  You must have an AIP - SSM on two SAA in order to be able to run the failover, without it failover will not come to the top (because of incompatibility of hardware)

  Kind regards

  Julio

• Reloading of the AIP - SSM

  reload the module AIP - SSM affect the ASA?

  Exactly. If you don't have a political card by using the SSM module, then you can reload the module SSM and it does not affect the traffic passing by ASA. To give you more information, here is a link that gives you information on how to configure ASA to use the SSM module:

  http://www.Cisco.com/univercd/CC/TD/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/SSM.htm#wp1050744

  Hope that helps.

  Kind regards

  Maryse.

• AIP SSM and virtual devices

  I just put in place a module AIP SSM in an ASA 5520 with a unique security context.

  Do I need to configure virtual devices in this case? or I can use the VS0 default? In the documentation of the IPS, he says "You can't change the definition of signature, rules of action event or anomaly detection policies." for the default virtual sensor (VS0), which is the only virtual sensore I.

  Can someone clarify what this means? It somehow restrict the usefulness of the IPS if I do not set up a separate VS?

  Thank you very much.

  A single sensor vs0 virual is very good, especially when only a single surveillance security context.

  The statement do not change the definition of signature, event actions or policies of anomaly detection rules can be a little misleading.

  What he's trying to say, is that you cannot create ad1, regles1, and any new polcies sig1 and try to apply them to vs0. The vs0 default must use sig0, rules0 and ad0.

  If you have created a new vs1, then you can apply the new policies like sig1 and regles1 ad1 to this new vs1.

  This does NOT mean that you cannot make changes to config in sig0, rules0 and ad0.

  So feel free to make configuration changes to sig0, rules0 and ad0 to fine-tune how your vs0 should handle the traffic.

  It's just the names of politicians who cannot be changed when you use vs0.

• IPS Signature DataBase - ASA IPS/IOS IPS/IPS 42xx/AIP-SSM

  Hello

  Can someone briefly tell me the details of database signature (number of Signature) among the following devices

  --> ASA IPS/IOS IPS/IPS 42xx/AIP-SSM.

  Thank you

  IPS on ASA/PIX = signatures only 50 or so common

  Module AIP - SSM is same signatures as the Cisco 4200 series sensors. Few minor differences exist (such as signature support IPv6 etc.)

  Please rate if useful.

  Concerning

  Farrukh

• AIP - SSM upgrade procedure

  Hello world!

  I have version 8.2 ASA5520 (1) with module AIP-SSM-20

  and I want to put AIP-SSM-20 software version 3,0000 E3 to E4 2.0000

  I go to the download site and see the following list:

  Intrusion Prevention System (IPS) recovery software:

  • IPS-K9-r-1.1-a-7.0-2-E4.pkg

  Release date: March 29, 2010

  IPS Recovery Image File

  Intrusion Prevention System (IPS) Signature Update:

  • IPS-GIS-S481-req - E4.pkg

  Release date: March 31, 2010

  E4 Signature Update S481

  Intrusion Prevention System (IPS) system software:

  • IPS-SSM_20-K9-sys-1.1-a-7.0-2-E4.img

  Release date: March 29, 2010

  Image system IPS-SSM_20 file

  Improved Intrusion Prevention System (IPS) systems

  • IPS-K9-7, 0-2 - E4.pkg

  Release date: March 29, 2010

  File upgrade 7.0 Major of IPS (all supported except AIM - IPS and NME - IPS platforms)

  • IPS-engine-E4-req-7.0-2.pkg

  Release date: March 29, 2010

  The IPS E4 engine update

  I'm a little confused by the number of files and you want to ask what the procedure/sequence I should follow to upgrade?

  This is the file that you want to use to upgrade:

  Improved Intrusion Prevention System (IPS) systems

  IPS-K9-7, 0-2 - E4.pkg

  Upgrade:

  (1) download the file 'IPS-K9-7, 0-2 - E4.pkg' through IDM

  (2) IDM--> Configuration--> sensor--> sensor update management--> choose update is located on the client--> choose file 'IPS-K9-7, 0-2 - E4.pkg'--> hit the button "Update".

  It will take some time (about 20 minutes) to upgrade the sensor, so don't panic if it does not return to the top 'UP' status immediately.

  Hope that helps.

• AIP - SSM on contexts or transparent

  Hello

  I would like to know if its possible to have a module AIP - SSM on a SAA configured in transparent mode and if its possible to have in several contexts. Two different scenarios. The customer wants to know who, and I'd like to see if possible on a document from Cisco. I think that both scenarios are possible, but I have not found any document.

  Thank you

  Paul

  Hi Paul,.

  Here is the link that explains how you can configure multiple virtual devices and as you can see that it is supported on both put to rout and the transparent mode.

  http://www.Cisco.com/en/us/docs/security/ASA/asa82/configuration/guide/IPS.html#wp1087111

  I hope this helps.

  Thank you

  Sunil-

• AIP - SSM, failure to update the cisco Web site

  Hi all

  I want to know the reason why my AIP - SSM fails to update its signatures automatically from cisco website. I put the module do cisco automatic signature update, but it doesn't matter when he tries to update, it displays an error message that reads "= error: exception Autoupdate: HTTP failed to connect (1 111) ' find the exact error message attached. The interface of my AIP - SSM is behind the proxy of the company and I put the proxy to allow Module AIP - SSM establish a connection to the internet.  What could be wrong?

  Your help will be very appreciated.

  Concerning

  Automatic update to the signature of the IPS is not supported through proxy server.

  The configuration of the proxy server on the IPS is only for the overall correlation.

  You must allow direct access for the automatic update of signature to IPS.

• AIP SSM - application of physical port

  Hi all

  I have an ASA5520 with the AIP SSM module.

  I would like to get a quick check on 2 things.

  1. Module AIP-SSM MUST have a physical ethernet port plugged in order for IPS to function?
  2. Module AIP-SSM IP address must be on a different IP range like ASA5520 interfaces. ?

  Please correct me if I'm wrong.

  As I have it a deployment of ASA + AIP, but due to the imitation of physical port on our network & IP; We are not able to answer for the AIP module.

  Please notify.

  1. physical ethernet port must be plugged in and connected to the network for management purposes. To manage the AIP itself module for the GUI of IDM.

  2. No, it didn't need to be on the different range of IP addresses as the interface of the ASA. It's just another IP of your network, and it must be connected to the network via its management port (physical port located on the IAFF himself module), it may be on another subnet within your ASA interfaces.

  The only way that you can manage the AIP via the GUI (IDM) module is via its physical port. However, if you are happy to set up and manage the module AIP via command line, you can always just session through the ASA command line, however, it can be annoying AIP CLI management.

• ASA 5520 with AIP - SSM

  Dear all,

  I'm in the process of implantation of the product above of title to one of the clients.

  I am very familiar with the configuration of the firewall, but the module AIP - SSM is than I do the first time.

  Please I need your help to do the configuration.

  Is it possible by using ASDM to configure, if yes please give me the steps and procedures to complete the work

  Thanks in advance

  Swamy

  Hi S,

  Very easy:

  Connect to the ASA, activate mode and then connect to the IPS via the command "session 1".

  You are then connected to the console of the IPS. Enter the user name "cisco" and the password "cisco" and run the Setup program for the basic config (address IP etc). After that, you can either connect directly on IP addresses via a web browser or through ASDM.

  Then I recommend you read the setup guide for IP addresses that it can be very intense (configuration/tweaking signatures etc.)

  I hope this helps!

  See you soon

  JC