
Cisco ASA 5515 - Configure IPS on another port

Dear Experts,

I have a question regarding a Cisco 5515 IPS configuration.
In the default setup the IPS is configured on management port 0/0.

I have two questions.

- Is it possible to configure this IPS on another port, for example FastEthernet 0/1 (nameif = inside)?
- Is it possible to manage the IPS from outside, on the external IP address?

How can I configure this? Can you give me an example? CLI commands or GUI?

Thanks in advance.

Robin

Salah Eddine ELMRABET, Technical Lead Manager (Owner)

Commented:
Hi Robin,

To manage your ASA from outside, you have two choices:

- Enable management on the outside interface using ASDM (GUI using HTTP) and SSH
- Configure a remote access VPN and manage the ASA as you did from Inside

You have to note that only one management interface can be chosen.

There is another question in EE about remotely managing the ASA, which you can access here: http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_27410836.html

For IPS configuration, please refer to the following:

- Cisco ASA IPS Module Quick Start Guide
- Configuring the ASA 5500-X IPS SSP
- Configuring the IPS Module

Best Regards.

Salah
jav_sevenofnine, IT Consultant

Author

Commented:
Dear Salah,

Thanks for your comment.
Accessing the ASA from outside isn't the problem.
When I open the ASA with ASDM and click on the IPS button on the left side, it can't connect, because it's only accessible from the management interface on the same subnet.
I want to manage the IPS when I am on the inside network but also on the outside interface :)

Thanks for your help so far.

Any suggestions?

Kind Regards.

Robin
Technical Lead Manager (Owner)
Commented:
Hi Robin

So in this case you have to configure a VPN using an IP pool from the same IPS management interface subnet. Then, when you want to manage the IPS remotely, you will establish the VPN connection and your computer will act as a management interface network member; then you can manage the ASA using the internal management IP.

Best Regards.

Salah
jav_sevenofnine, IT Consultant

Author

Commented:
Thanks!