Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

5-5

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 5 Configuring Interfaces

Understanding Interfaces

For More Information

• For more information on supported interfaces, see Interface Support, page 5-7.

• For more information on interface modes, see Configuring Promiscuous Mode, page 5-20,

Configuring Inline Interface Pairs, page 5-21, Understanding Inline VLAN Pair Mode, page 5-25,

Understanding VLAN Group Mode, page 5-31, Configuring Inline Bypass Mode, page 5-38.

TCP Reset Interfaces

This section explains the TCP reset interfaces and when to use them. It contains the following topics:

• Understanding Alternate TCP Reset Interfaces, page 5-5

• Designating the Alternate TCP Reset Interface, page 5-6

Understanding Alternate TCP Reset Interfaces

You can configure sensors to send TCP reset packets to try to reset a network connection between an

attacker host and its intended target host. In some installations when the interface is operating in

promiscuous mode, the sensor may not be able to send the TCP reset packets over the same sensing

interface on which the attack was detected. In such cases, you can associate the sensing interface with

an alternate TCP reset interface and any TCP resets that would otherwise be sent on the sensing interface

when it is operating in promiscuous mode are instead sent out on the associated alternate TCP reset

interface.

If a sensing interface is associated with an alternate TCP reset interface, that association applies when

the sensor is configured for promiscuous mode but is ignored when the sensing interface is configured

for inline mode. any sensing interface can serve as the alternate TCP reset interface for another sensing

interface.

Note There is only one sensing interface on the ASA IPS modules (ASA 5500 AIP SSM,

ASA 5500-X IPS SSP, and ASA 5585-X IPS SSP), so you cannot designate an alternate TCP reset

interface.

Table 5-2 lists the alternate TCP reset interfaces.

Table 5-2 Alternate TCP Reset Interfaces

Sensor Alternate TCP Reset Interface

ASA 5500 AIP SSM-10 None

ASA 5500 AIP SSM-20 None

ASA 5500 AIP SSM-40 None

ASA 5512-X IPS SSP None

ASA 5515-X IPS SSP None

ASA 5525-X IPS SSP None

ASA 5545-X IPS SSP None

ASA 5555-X IPS SSP None

ASA 5585-X IPS SSP-10 None

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems IPS 7.1 Home Security System User Manual