dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
680
share rss forum feed


TedII

@ygnition.net

ASA sending traffic to IPS module

HI guys,

I just need to pick the brains of experts around. Here i am about to deploy my very first ASA with AIP-SSM10 module, I have the ASA well enough good to go, I just want to have the ASA sending traffic to the AIP-SSM10 for inspections.

access-list IPS_TRAFFIC extended permit ip any 192.168.0.0 255.255.252.0
!
class-map LAN_IPS_TRAFFIC
match access-list IPS_TRAFFIC
!
policy-map LAN_IPS_POLICY
class LAN_IPS_TRAFFIC
ips inline fail-open
!
service-policy LAN_IPS_POLICY interface inside
 

I'm aware that i could do this on the global policy level! I don't want to i want to do this on interface basis. I though about doing an acl that would permit ip any any.....but that would be useless for a firewall.

Please i would appreciate any suggestions as to how i could achieve this.

Thanks guys.

TedII

HELLFIRE
Premium
join:2009-11-25
kudos:18
What interface(s) do you have on your ASA and which interface(s) need the IPS policy applied?

I'd start with this guide on how to set up IPS, with focus on the Config Examples to see if something can be adapted.

Regards


TedII

@ygnition.net
Thanks Hell I do appreciate!

HELLFIRE
Premium
join:2009-11-25
kudos:18
Happy to help TedII.

Cheers and Regards