The IPS with ASA5520 failover

Similar Questions

• Discovers all THE IPs with VLanID vMotion

  Dear,

  Is it possible to find the vMotion active IP with VLanID. I'm looking for a table as VMHost, IP, VLanID vMotion.

  Thanks in advance.

  Rajesh Bhuvanan

  Try something like this

  {foreach ($esx in Get-VMHost)

  foreach ($vmk in (Get-VMHostNetworkAdapter - VMHost $esx | where {$_.})) {VMotionEnabled}))

  Get-VirtualPortGroup-name $vmk. PortGroupName - VMHost $esx |

  Select @{N = "$vmhost"; E = {$vmk. VMHost.Name}},@{N='PG'; E={$_. Name}},VlanId,@{n='IP'; E = {$vmk. IP}}

  }

  }

  Note that this will not display the VlanId for distributed switches.

• The IPS Version update

  We use the ASA 5510 with AIP - SSM 10 IPS version 6.0 (3) E1 with a licensee agreement valid. Now, we want to update version IPS 1.0000 E2, is that the update is possible? If so guide me how and also guide me or provide the link how to make a previous backup.

  Yes, I just do the same thing. You will need to download the upgrade with the extension pkg (not the image file that I kept trying to do). The file is: IPS - K9 - 6.1 - 1 - E2.pkg under the security software, software updates.

  Link:

  http://www.Cisco.com/cgi-bin/tablebuild.pl/ips6

  Once you have this file, put it on an FTP server, or place the file on the local client that you use to connect to the IPS with IDM. You will need to go to the update of sensor in the IDM and either choose FTP or local update path and point to the file. Sensor recharges when it is made, but you don't won't restart ASA. It will take about 5 minutes, and then you should be able to reconnect to your sensor with IDM.

  Here is a useful link on the upgrade:

  http://www.Cisco.com/en/us/docs/security/IPS/6.1/Configuration/Guide/CLI/cli_system_images.html#wp1231089

  Here is a link to make a backup of the config:

  http://www.Cisco.com/en/us/docs/security/IPS/6.1/Configuration/Guide/CLI/cli_configuration_files.html#wp1033167

  I hope this helps!

  Jason

• Where can I get the license for the IPS module file?

  We just bought an ASA 5515 X with internal IPS module.

  I registed the IPS with Cisco and got a license key

  However, the module IPS needs a license file (, lic)

  I see nothing in the documentation or the instructions that came with the device to get this file. I don't see anything on the cisco Web page of license.

  can someone help me?

  Try this

  https://Tools.Cisco.com/swift/LicensingUI/ipsCryptoPage

• ASA with different failover module IPS

  Hi all

  Is it possible to configure the failover of the ASA with different IPS module configuration because we have: ASA 5585-X with firepower PHC-10 and ASA 5585-X with IPS SSP-10

  Thank you

  N °

  Inventories of material (basic unit, memory and optional modules) must be the same in a pair of failover ASA.

• I can't discover a device ips with the CSM, the connectivity test failed!

  Hello world

  As I say I IC discovering my unit IPS with CSM, I have this message:

  The connectivity test failed. Elapsed time: 0 seconds. Expired certificate expiry of the certificate by the device. Certificate of details he received the device: [[Version: V1 subject: CN = X.X.X.X, OR is SSM-IPS10, O is "Cisco Systems, Inc.", C = us Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 key: public module of 1024 bits Sun RSA key:]]

  163313595958527341944117022920288114482504180720578005561064955313643774990976715676633248342066152083691325258722628818351428036183713571418359362172457378662626088225882179602799780417125413462000959388084832050518999958663965078068279649170934515615745020420256153072567949117948346991874191887565159544369

  [public exponent: 65537 validity: [from: Tue Dec 07 10:42:59 THIS 2010, to: Fri Dec 07 10:42:59 HEC 2012] issuer: CN = X.X.X.X, OR is SSM-IPS10, O is "Cisco Systems, Inc.", C = SerialNumber us: [-XXXXXXX]] algorithm: [SHA1withRSA] Signature: 0000: E1 DF 3 a 84 EF E5 C8 F5 F8 EB D1 BA C8 55 54 61:... a... T.. U 0010: F8 E4 54 28 0F 0F DB F8 DB CA 0A 5F 63 B0 0E 0C. T. (..... _c 0020: 4 a 28 46 9th D0 B7 B9 F1 A7 B7 35 95 2 CA EB FD J (F...) 5,... 0030:03 32 D1 1A 13 DB B3 9B C9 E2 E6 22 04 D1 84 3 B. 2... ». ;.. 0040:4 4TH BD D2 E0 25 27 46 5F 1 D ED 39 EC 8F 38 BD MN...%'F_... 9.8 0050: BE ED E8 7 02 AE 62 92 89 66 86 BB B4 B6 FD 1F... b... f... 0060:6 46 27 2 4 b EF F8 C9 1F 81 29 82 C1 AB lF 5F 4F,'K... O..._)... 0070:06 33 0D EA THIS 3F 85 CC 2F 82 6 B 8 90 AND 8 B.3 D8 D6...? ... /...k... ] Please synchronize the time settings on the device and the server of the Security Manager and the time-out value of the certificate, and then generate a new certificate.

  I already generate a new key rsa on the ASA FW IOS version 8.4, my connection is ok and my password. I discovered the FW ASA successfully but not IPS module.

  worm CSM 4.3.0 service pack2

  Thank you for your help.

  This is a common problem with IPS and is easily fixed.

  The IPS uses a self-signed certificate for the protection of its channels of management TLS (Transport Layer Security). When an IPS is initialized who signed a certificate is valid for two years. This certificate is separate from the ASA RSA key.

  To regenerate, please see the procedure described here.

  Do not forget to rate helpful answers and mark your question as answered when solved.

• IPS with surveillance mode?

  Hello

  I just new ASA 5555 - X with IPS activate the installation planning.  However, how to set up so the IPS just race as a way of monitoring with so I can more easy to active before tune.

  Because even during execution promiscuous mode active measures to block traffic I want he should through.

  Thank you!

  If the SPI is the fire power module, the guide for installation:
  http://www.Cisco.com/c/en/us/support/docs/security/ASA-firepower-service...

  You will need to use "monitor only" to use as an ID instead of the IPS.

  sfr fail-open monitor-only

• Recommendation of the IPS

  Hi Netpros,

  I want to implement the IPS solution in our company as well as management software to manage mailboxes of the IPS. What is the latest version of the Cisco management software I have to deploy. It will be compatible with the ID?

  Thanks in advance.

  You can implement 2.3 VMS of Cisco who has the CiscoWorks Center for IDS sensors

  For more information, please visit http://www.cisco.com/en/US/partner/products/sw/cscowork/ps2330/products_qanda_item09186a008009253c.shtml

  It may be useful

  Franco Zamora

• Recover password of the IPS module (ASA)

  Dear experts,
   
  I have an ASA 5500 series with AIP SSM (IPS module), the username and password are lost.
   
  According to cisco portal, there are two approaches to recover the password:
  1 using the CLI command: hw-module module reset slot_number password;
  2. with the help of ASDM--> tools--> 'IPS password reset.
   
  Not sure whether the two commands to achieve the same result (retrieve password) or they may have different results (i.e. need to reset the module).
   
  The device is online, reset module is not privileged.
   
  After checking the information from the internet, it offers to reset the IPS module. Any problem will be produced if the IPS module is not reset?

  RDG
   
  Anita

  Hi Anita,.

  You can try using:

  HW-module module slot_number password reset

  Who will reset just the IPS to its default username/password:

  Cisco and cisco

  You can access the ASA CLI IPS:

  session 1

  Then type cisco and cisco (username/password)

  For example, you could add a new password.

  Don't forget to evaluate and select the right answer.

• Problem to run the IPS of ASDM

  Hi guys, I have an ASA 5520 ver 8.4 with a module AIP-SSM-40, when I finished the configuration, I can ping from ASA IPS module and the IPS module to ASA. I can ping IPS module to my PC and so on. the problem is when I try to launch the IDM (IPS tab) of the ASDM,

  This error message appears on the GUI. Error connecting to the sensor. Load sensor error. I have connected the interface of management of IP addresses to a switch, the ASA is connected to the same switch, and my PC is also connected to this switch, all in the same vlan.

  Can you help me on what can I do to solve it.

  Thank you.

  Hi Hugo,.

  Please see the following link

  https://supportforums.Cisco.com/thread/2092783

  http://www.Cisco.com/en/us/products/ps6120/products_tech_note09186a00808908d5.shtml

  Kind regards

  Prashant

• ASA using only the IPS?

  Hello

  It is possible to use the ASA with IPS-Module as sensor only, located with its external interface on a mirrored switch port?

  Kind regards.

  Volker

  The external interface is for command and control only and cannot be used for monitoring.

  The SSM is only able to monitor traffic passing by the ASA.

  The ASA does not support the connection ports to ports switched mirror either.

  The closest you get is to configure the ASA is transparent with ACLs on each interface that allow all traffic and then place the ASA between 2 of your existing devices. And then place a policy on the SAA to copy all packages to the SSM for surveillance of promiscuity.

  If you have another type of firewall, existing installation, you can try placing the ASA transparent among other things your firewall and your DMZ switch for example.

  All traffic would be passed through the ASA and copied in the SSM for surveillance of promiscuity.

  This mode could better be described as using the ASA as a simulated click to send traffic to the SSM.

• The IPS software version

  Just got an ASA with a SSM - 20 module. I am trying to determine the latest revision of sensor for the IPS module software. V5.1 (7) E1 has a date of October 18, 2007 and the 3,0000 E1 version has a date June 28, 2007. Which is the latest version?

  6.x is the latest version. What you're talking about are simply patch levels. It is certainly possible that the versions 5.x and 6.x are both actively maintained (I was not paying much attention to 5.x since coming to 6.x). The press release or the patch 'most recent' is compared to the version of the software you are using. IOW, if 8,0000 E1 is released tomorrow, 3,0000 E1 is still the latest hotfix for customers running 6.x.

• connection to IPS with ASDM

  I do ASA5510 with IPS, the initial Setup. I can access the ASDM ASA. But when I click on the IPS tab in ASDM, it will retrieve the IP address of management of the IPS, but finally said 'unable to connect '.

  I tried same chaning IP using the CLI management, still no luck.

  Any ideas?

  Hello

  The SSM management interface is connected to your local network. At the back of the asa, where aip - ssm is plugged, you would see a management interface. This management interface should have a cable at your local lan switch or router. There must be a connectivity of LAN to the management interface so that info aip - ssm. has been found.

  Please note if help. :)

  Kind regards

  Sushil

• IME for version 6.0 of the IPS

  Hi, iam using the module AIP-SSM-10 in ASA 5510.

  my version of the ips is: 6.0 (6) and I want to use ips manager express (IME). I tried with version 6.1.1 and 7.0.2 IME, but both are not supported for the current version of ips.

  1. Please tell me which IME support for ips 6.0 (6) version.

  2. how to level my ips 6.0 version to the current version or higher.

  Please send me url links.

  1. the EMI version 7.0.2 supports IPS version 6.0.6 according file following IME 7.0.2 Readme:

  http://www.Cisco.com/Web/software/282829584/28797/IME-7.0-2.Readme.txt

  Only the new features of the EMI, including monitoring console, dashboard and integrated configuration, health are supported only on the sensors running IPS version 6.1 or later. However, all the other features on IPS 6.0.6 is supported on IME 7.0.2.

  2. you can update the IP addresses directly to version 7.0.2 (E4) using the upgrade package: IPS-K9-7, 0-2 - E4.pkg

  Hope that helps.

• no alarm of the IPS

  Hello

  We use the AIP-SSM-40, Version 7.0 (2) E4.

  Send us traffic from all the interfaces of the IPS. When we test with hamid 2004, we have no alarm.

  the ASA configuration is as follows:

  inside_mpc of access allowed any ip an extended list

  Interior-ip-class of the class-map
  corresponds to the inside_mpc access list

  Interior-ips-policy policy-map
  class internal ip class
  IPS inline help

  service inside Interior-ips-policy-policy interface

  on the AIP - SSM, the configuration is the following:

  signatures 2004 0
  high severity alert
  Atomic-ip engine
  event-action produce-alert|produce-verbose-alert|deny-attacker-inline|deny-connection-inline|deny-packet-inline
  Yes specify-l4-Protocol
  L4-icmp Protocol
  Specify-icmp-type no.

  What we should do to get the alarm?

  What do you mean alarm? Do you mean that you are not able to see the events triggered by signature # 2004?

  You can check what is the frequency of the alerts configured for this signature? The default value is "Summarize" every 30 seconds. You can change the frequency of the alerts to "All fires", if you use the #2004 signature for testing.

  In addition, you must send traffic across the ASA for traffic is inspected by the PPE.

  Finally, I'm assuming you already activated/assigned the virtual IPS (vs0) sensor for signature (sig0).

  Hope that helps.