Filter
Top Products
18-12
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 18 Configuring the ASA 5500 AIP SSM
The Adaptive Security Appliance, ASA 5500 AIP SSM, and Bypass Mode
Step 12 Verify the settings.
asa# show running-config
Step 13 Exit and save the configuration.
For More Information
For more information on bypass mode, see The Adaptive Security Appliance, ASA 5500 AIP SSM, and
Bypass Mode, page 18-12.
The Adaptive Security Appliance, ASA 5500 AIP SSM, and
Bypass Mode
The following conditions apply to bypass mode configuration, the adaptive security appliance, and the
ASA 5500 AIP SSM.
The SensorApp Fails OR a Configuration Update is Taking Place
The following occurs when bypass is set to Auto or Off on the ASA IPS module:
• Bypass Auto—Traffic passes without inspection.
• Bypass Off—If the adaptive security appliance is configured for failover, then the adaptive security
appliance fails over.
If the adaptive security appliance is not configured for failover or failover is not possible:
–
If set to fail-open, the adaptive security appliance passes traffic without sending it to the
ASA IPS module.
–
If set to fail-close, the adaptive security appliance stops passing traffic until the ASA IPS
module is restarted or completes reconfiguration.
Note When bypass is set to On, traffic passes without inspection regardless of the state of the SensorApp.
The ASA 5500 AIP SSM Is Rebooted or Not Responding
The following occurs according to how the adaptive security appliance is configured for failover:
• If the adaptive security appliance is configured for failover, then the adaptive security appliance fails
over.
• If the adaptive security appliance is not configured for failover or failover is not possible:
–
If set to fail-open, the adaptive security appliance passes traffic without sending it to the
ASA IPS module.
–
If set to fail-close, the adaptive security appliance stops passing traffic until the ASA IPS
module is restarted.
For More Information
For more information on bypass mode, see Configuring Inline Bypass Mode, page 5-38.