Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 18 Configuring the ASA 5500 AIP SSM
Sending Traffic to the ASA 5500 AIP SSM
Step 4 Define an IPS class map to identify the traffic you want to send to ASA 5500 AIP SSM.
asa(config)# class-map class_map_name
Example
asa(config)# class-map ips_class
Note You can create multiple traffic class maps to send multiple traffic classes to ASA 5500 AIP SSM.
Step 5 Specify the traffic in the class map.
asa(config-cmap)# match parameter
Example
asa(config-cmap)# match [access-list | any]
Step 6 Add an IPS policy map that sets the actions to take with the class map traffic.
asa(config-cmap)# policy-map policy_map_name
Example
asa(config-cmap)# policy-map ips_policy
Step 7 Identify the class map you created in Step 4.
asa(config-pmap)# class class_map_name
Example
asa(config-pmap)# class ips_class
Step 8 Assign traffic to ASA 5500 AIP SSM.
asa(config-pmap-c)# ips {inline | promiscuous} {fail-close | fail-open}
Example
asa(config-pmap-c)# ips promiscuous fail-close
Step 9 (Optional) If you created multiple traffic class maps for IPS traffic, you can specify another class.
asa(config-pmap)# class class_map_name_2
Example
asa(config-pmap)# class ips_class_2
Step 10 (Optional) Specify the second class of traffic to send to ASA 5500 AIP SSM.
asa(config-pmap-c)# ips {inline | promiscuous} {fail-close | fail-open}
Example
asa(config-pmap-c)# ips promiscuous fail-close
Step 11 Activate the IPS service policy map on one or more interfaces.
asa(config)# service-policy policymap_name {global | interface interface_name}
Example
asa(config)# service-policy ips_policy interface outside
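
An added example, not part of the Cisco guide: a short Python check that reads ASA configuration text and verifies the chain built in Steps 4 through 11 (class map, policy map class, ips action, service policy). The function name audit_ips_policy and the sample configuration are constructed for illustration; the parser assumes the one-space sub-command indentation of a running-config listing.

```python
# Constructed sample config (not from the guide) with deliberate mistakes.
SAMPLE = """\
class-map ips_class
 match any
policy-map ips_policy
 class ips_class
  ips inline fail-close
 class ips_class_2
  ips promiscuous fail-open
service-policy tcp_bypass_policy interface outside
"""

def audit_ips_policy(config):
    """Check the class-map -> policy-map -> service-policy chain for IPS redirection."""
    class_maps, policies, applied = {"class-default"}, {}, []
    pmap = cls = None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw.startswith(" "):      # a top-level command ends any sub-mode
            pmap = cls = None
        if words[0] == "class-map":
            class_maps.add(words[-1])
        elif words[0] == "policy-map":
            pmap = words[-1]
            policies[pmap] = []
        elif words[0] == "class" and pmap and len(words) > 1:
            cls = words[1]
        elif words[0] == "ips" and cls and len(words) >= 3:
            policies[pmap].append((cls, words[1], words[2]))
        elif words[0] == "service-policy" and len(words) > 1:
            applied.append(words[1])
    findings = []
    for name, actions in policies.items():
        if actions and name not in applied:
            findings.append(f"policy-map {name}: IPS actions set but no service-policy applies it")
        for cls, mode, fail in actions:
            if cls not in class_maps:
                findings.append(f"class {cls}: used in {name} but no class-map defines it")
            if fail == "fail-open":
                findings.append(f"class {cls}: fail-open passes traffic uninspected if the module is down")
            if mode == "promiscuous":
                findings.append(f"class {cls}: promiscuous mode inspects a copy of the traffic")
    for name in applied:
        if name not in policies:
            findings.append(f"service-policy {name}: no policy-map with that name")
    return findings

if __name__ == "__main__":
    for finding in audit_ips_policy(SAMPLE):
        print(finding)
```

On the sample, the check reports the policy map that no service policy applies, the undefined class ips_class_2, its fail-open and promiscuous settings, and the service policy that names a policy map which does not exist.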