
Configuring an IPS Sensor on ASA 5520 with AIP-10

Hi,

We are in the process of installing the IPS sensor for the new ASA 5520 we bought. The wizard in the ASDM and all the documentation point to an example IP address of 10.1.9.201/24.

I wonder what IP I should use for this module.

This is my IP configuration:

Management Port: 20.1.1.1/24
Gigabit Ethernet 0/0: 172.16.0.14/23
Gigabit Ethernet 0/1: 206.x.x.106/29  (ISP assigned IP)
Giga3 and 4: Not used

Thanks,
RG


Asked by: rgomez101
 
prueconsulting Commented:
How are you planning to deploy: inline or promisc mode?

rgomez101 (Author) Commented:
Promisc mode - Fail-open

prueconsulting Commented:
OK, so it will be receiving a copy of the data then...

The IP address would probably be best suited for the management subnet, since it's just going to be used for management via inline VLAN tags etc.

rgomez101 (Author) Commented:
So, it should be in the same subnet as the Management?

I am not using management right now. I just configured mgm as a backup. I apply all the commands to the fw either with Telnet or ASDM.

RG

prueconsulting Commented:
Basically the only thing that it's used for is to get access directly to the SSM when used in promisc mode (i.e. telnet, ssh).

But if you go through the ASA it doesn't matter.

If it was being used in inline mode then you would configure it on an IP address on the network which it passes traffic to/from and use VLAN pairs.

rgomez101 (Author) Commented:
So, ANY IP should work then.

RG

prueconsulting Commented:
Correct

rgomez101 (Author) Commented:
"IP Address of the mgm port is unreachable. Check the mgm port setup and network connectivity before trying again."

Why? Is it because NOTHING is attached to the mgm port? Not a switch, not a computer, nothing.

RG

prueconsulting Commented:
Yes, this port would be in a link down / protocol down status.
It has to be a live reachable connection.

rgomez101 (Author) Commented:
I will install the cable tomorrow. If everything is ok I will award the points.

Thanks for the help so far.

RG