1-16
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the ASA IPS Module
Configuring the ASA IPS module
Detailed Steps
Step 1 Access the ASA IPS module CLI using one of the following methods:
• Session from the ASA to the ASA IPS module. See the “Sessioning to the Module from the ASA”
section on page 1-11.
• Connect to the IPS management interface using SSH. If you did not change it, the default
management IP address is 192.168.1.2. The default username is cisco, and the default password is
cisco. See the “Information About Management Access” section on page 1-4 for more information
about the management interface.
Step 2 Configure the IPS security policy according to the IPS documentation.
To access all documents related to IPS, go to:
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_documentation_roadmaps_list.ht
ml
Step 3 (ASA 5510 and higher) If you configure virtual sensors, you identify one of the sensors as the default.
If the ASA does not specify a virtual sensor name in its configuration, the default sensor is used.
Step 4 When you are done configuring the ASA IPS module, exit the IPS software by entering the following
command:
sensor# exit
If you sessioned to the ASA IPS module from the ASA, you return to the ASA prompt.
What to Do Next
• For the ASA in multiple context mode, see the “Assigning Virtual Sensors to a Security Context
(ASA 5510 and Higher)” section on page 1-16.
• For the ASA in single context mode, see the “Diverting Traffic to the ASA IPS module” section on
page 1-18.
Assigning Virtual Sensors to a Security Context (ASA 5510 and Higher)
If the ASA is in multiple context mode, then you can assign one or more IPS virtual sensors to each
context. Then, when you configure the context to send traffic to the ASA IPS module, you can specify a
sensor that is assigned to the context; you cannot specify a sensor that you did not assign to the context.
If you do not assign any sensors to a context, then the default sensor configured on the ASA IPS module
is used. You can assign the same sensor to multiple contexts.
Note You do not need to be in multiple context mode to use virtual sensors; you can be in single mode and use
different sensors for different traffic flows.
Prerequisites
For more information about configuring contexts, see the “Configuring Multiple Contexts” section on
page 1-15.
To Next Page
Loading...
Need help?
General
