Filter
Top Products
CHAPTER
18-1
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
18
Configuring the ASA 5500 AIP SSM
This chapter contains procedures that are specific to configuring the ASA 5500 AIP SSM. It contains the
following sections:
• ASA 5500 AIP SSM Notes and Caveats, page 18-1
• ASA 5500 AIP SSM Configuration Sequence, page 18-2
• Verifying ASA 5500 AIP SSM Initialization, page 18-3
• Creating Virtual Sensors for the ASA 5500 AIP SSM, page 18-4
• Sending Traffic to the ASA 5500 AIP SSM, page 18-10
• The Adaptive Security Appliance, ASA 5500 AIP SSM, and Bypass Mode, page 18-12
• The ASA 5500 AIP SSM and the Normalizer Engine, page 18-13
• ASA 5500 AIP SSM Failover Scenarios, page 18-13
• The ASA 5500 AIP SSM and the Data Plane, page 18-15
• The ASA 5500 AIP SSM and Jumbo Packets, page 18-15
• Reloading, Shutting Down, Resetting, and Recovering the ASA 5500 AIP SSM, page 18-15
• New and Modified Commands, page 18-16
ASA 5500 AIP SSM Notes and Caveats
The following notes and caveats apply to configuring the ASA 5500 AIP SSM:
• All IPS platforms allow ten concurrent CLI sessions.
• Cisco Adaptive Security Appliance Software 7.2.3 or later supports virtualization.
• The allocate-ips command does not apply to single mode. In this mode, the adaptive security
appliance accepts any virtual sensor named in a policy-map command.
• Anomaly detection is disabled by default in IPS 7.1(2)E4 and later. You must enable it to configure
or apply an anomaly detection policy. Enabling anomaly detection results in a decrease in
performance.
• You cannot allocate the same virtual sensor twice in a context.
• You can only configure one default virtual sensor per context. You must turn off the default flag of
an existing default virtual sensor before you can designate another virtual sensor as the default.