Cisco 5510 - ASA SSL / IPsec VPN Edition Getting Started Guide

Cisco 5510 - ASA SSL / IPsec VPN Edition
208 pages
Chapter 13 Configuring the AIP SSM
Configuring the AIP SSM
13-12
Cisco ASA 5500 Series Getting Started Guide
78-19186-01
Step 2 To add or edit a policy map that sets the action to divert traffic to the AIP SSM,
enter the following commands:
hostname(config)# policy-map name
hostname(config-pmap)# class class_map_name
hostname(config-pmap-c)#
where the class_map_name is the class map from Step 1.
For example:
hostname(config)# policy-map IPS
hostname(config-pmap)# class IPS
Step 3 To divert the traffic to the AIP SSM, enter the following command:
hostname(config-pmap-c)# ips {inline | promiscuous} {fail-close | fail-open} [sensor {sensor_name | mapped_name}]
where the inline and promiscuous keywords control the operating mode of the
AIP SSM. See the “Operating Modes” section on page 13-3 for more details.
The fail-close keyword sets the adaptive security appliance to block all traffic if
the AIP SSM is unavailable.
The fail-open keyword sets the adaptive security appliance to allow all traffic
through, uninspected, if the AIP SSM is unavailable.
If you use virtual sensors on the AIP SSM, you can specify a sensor name using
the sensor sensor_name argument. To see available sensor names, enter the ips ...
sensor ? command. Available sensors are listed. You can also use the show ips
command. If you use multiple context mode on the adaptive security appliance,
you can only specify sensors that you assigned to the context (see the
“Assigning Virtual Sensors to Security Contexts” section on page 13-9). Use the
mapped_name if configured in the context. If you do not specify a sensor name,
then the traffic uses the default sensor. In multiple context mode, you can specify
a default sensor for the context. In single mode or if you do not specify a default
sensor in multiple mode, the traffic uses the default sensor that is set on the AIP
SSM. If you enter a name that does not yet exist on the AIP SSM, you get an error,
and the command is rejected.
Step 4 (Optional) To divert another class of traffic to the AIP SSM, and set the IPS policy,
enter the following commands:
hostname(config-pmap-c)# class class_map_name2
hostname(config-pmap-c)# ips {inline | promiscuous} {fail-close | fail-open} [sensor sensor_name]
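
The following Python script is an added example, not part of the Cisco guide: it reads a saved running configuration and reports each ips action entered in Steps 3 and 4, marking the classes set to fail-open. The sample configuration, the class name guest_traffic and the sensor name sensor1 are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from the guide); the class name
# guest_traffic and the sensor name sensor1 are illustrative assumptions.
SAMPLE_CONFIG = """\
class-map IPS
 match any
policy-map IPS
 class IPS
  ips inline fail-close
 class guest_traffic
  ips promiscuous fail-open sensor sensor1
policy-map global_policy
 class inspection_default
  inspect dns
"""

# Step 3 syntax: ips {inline | promiscuous} {fail-close | fail-open} [sensor name]
IPS_RE = re.compile(
    r"ips\s+(inline|promiscuous)\s+(fail-close|fail-open)(?:\s+sensor\s+(\S+))?$")

def audit_ips_policy(config_text):
    """Return one dict per ips action, tracking the enclosing policy-map and class."""
    findings, policy, cls = [], None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            # Top-level command: only policy-map opens a context we care about.
            policy = line.split()[-1] if line.startswith("policy-map ") else None
            cls = None
        elif policy and line.startswith("class "):
            cls = line.split()[1]
        elif policy and cls and (m := IPS_RE.match(line)):
            mode, fail, sensor = m.groups()
            findings.append({
                "policy": policy, "class": cls, "mode": mode, "fail": fail,
                # No sensor keyword means the default sensor is used.
                "sensor": sensor or "(default)",
                # fail-open: traffic passes uninspected if the AIP SSM is unavailable.
                "uninspected_on_failure": fail == "fail-open",
            })
    return findings

def fail_open_classes(config_text):
    """List (policy-map, class) pairs that pass traffic uninspected on SSM failure."""
    return [(f["policy"], f["class"]) for f in audit_ips_policy(config_text)
            if f["uninspected_on_failure"]]
```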
