Cisco ASA 5540
54-8
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 54 Configuring the IPS Application on the AIP SSM and SSC
Configuring the AIP SSM/SSC
Step 9 Change to each context to configure the IPS security policy as described in the “Diverting Traffic to the AIP
SSM/SSC” section on page 54-8.
What to Do Next
Change to each context to configure the IPS security policy as described in the “Diverting Traffic to the AIP
SSM/SSC” section on page 54-8.
Diverting Traffic to the AIP SSM/SSC
This section identifies traffic to divert from the adaptive security appliance to the AIP
SSM/SSC.
Prerequisites
In multiple context mode, perform these steps in each context execution space.
Detailed Steps
Step 1 In the ASDM Device List pane, double-click the context name under the active device IP address >
Contexts.
Step 2 Click Configuration > Firewall > Service Policy Rules.
Step 3 You can edit an existing rule or create a new one:
  - For an existing rule, choose the rule and click Edit.
    The Edit Service Policy Rule dialog box appears.
  - For a new rule, choose Add > Add Service Policy Rule.
    The Add Service Policy Rule Wizard - Service Policy dialog box appears. Complete the Service
    Policy and Traffic Classification Criteria dialog boxes. See the “Adding a Service Policy Rule for
    Through Traffic” section on page 29-8 for more information. Click Next to show the Add Service
    Policy Rule Wizard - Rule Actions dialog box.
Step 4 Click the Intrusion Prevention tab.
You can also set other feature actions for the same traffic using the other tabs.
Step 5 Check the Enable IPS for this traffic flow check box.
Step 6 In the Mode area, click Inline Mode or Promiscuous Mode.
See the “Operating Modes” section on page 54-2 for more details.
Step 7 In the If IPS Card Fails area, click Permit traffic or Close traffic.
The Close traffic option sets the adaptive security appliance to block all traffic if the AIP SSM/SSC is
unavailable.
The Permit traffic option sets the adaptive security appliance to allow all traffic through, uninspected, if
the AIP SSM/SSC is unavailable.
Step 8 (AIP SSM Only) From the IPS Sensor to use drop-down list, choose a virtual sensor name.
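
The choices made in Steps 6 through 8 appear in the running configuration as an ips action under a policy-map class: Inline Mode and Promiscuous Mode become inline and promiscuous, Close traffic and Permit traffic become fail-close and fail-open, and the virtual sensor becomes the optional sensor argument. The following is an added example, not part of the Cisco guide, that audits a configuration for those actions and notes where traffic would pass uninspected; the sample configuration and every policy, class and sensor name in it are constructed.

```python
import re

# Constructed sample running-config fragment (not taken from the guide).
SAMPLE_CONFIG = """\
policy-map global_policy
 class inspection_default
  inspect dns
 class ips_dmz
  ips inline fail-close sensor vs1
 class ips_inside
  ips promiscuous fail-open
policy-map outside_policy
 class ips_outside
  ips inline fail-open
"""

# CLI form: ips {inline | promiscuous} {fail-close | fail-open} [sensor name]
IPS_RE = re.compile(
    r"^ips (inline|promiscuous) (fail-open|fail-close)(?: sensor (\S+))?$")

def audit_ips_policy(config):
    """Return one finding per ips action found under a policy-map class."""
    findings, policy, cls = [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("policy-map "):
            policy, cls = line.split()[-1], None
        elif raw and not raw[0].isspace():
            policy, cls = None, None  # any other top-level line ends the block
        elif line.startswith("class ") and policy:
            cls = line.split()[1]
        else:
            m = IPS_RE.match(line)
            if not (m and policy and cls):
                continue
            mode, on_failure, sensor = m.groups()
            notes = []
            if on_failure == "fail-open":  # ASDM: "Permit traffic"
                notes.append("traffic passes uninspected if the module is unavailable")
            if mode == "promiscuous":  # ASDM: "Promiscuous Mode"
                notes.append("IPS inspects a copy of the traffic, not the live flow")
            findings.append({"policy": policy, "class": cls, "mode": mode,
                             "on_failure": on_failure, "sensor": sensor,
                             "notes": notes})
    return findings

if __name__ == "__main__":
    for f in audit_ips_policy(SAMPLE_CONFIG):
        status = "; ".join(f["notes"]) or "ok"
        print(f'{f["policy"]}/{f["class"]}: {f["mode"]} {f["on_failure"]} -> {status}')
```

In multiple context mode, run it against each context's configuration, since the rule is set per context.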
