CHAPTER
19-1
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
19
Configuring the ASA 5500-X IPS SSP
This chapter contains procedures that are specific to configuring the ASA 5500-X IPS SSP. It contains
the following sections:
• Notes and Caveats for ASA 5500-X IPS SSP, page 19-1
• Configuration Sequence for the ASA 5500-X IPS SSP, page 19-2
• Verifying Initialization for the ASA 5500-X IPS SSP, page 19-3
• Creating Virtual Sensors for the ASA 5500-X IPS SSP, page 19-3
• TCP Reset Differences Between IPS Appliances and ASA IPS Modules, page 19-9
• Reloading IPS Messages, page 19-9
• ASA 5500-X IPS SSP Default Gateway, page 19-10
• Promiscuous Mode and Under Runs, page 19-10
• The ASA 5500-X IPS SSP and Bypass Mode, page 19-10
• The ASA 5500-X IPS SSP and the Normalizer Engine, page 19-11
• The ASA 5500-X IPS SSP and Memory Usage, page 19-12
• The ASA 5500-X IPS SSP and Jumbo Packets, page 19-12
• Reloading, Shutting Down, Resetting, and Recovering the ASA 5500-X IPS SSP, page 19-12
• Health and Status Information, page 19-13
• ASA 5500-X IPS SSP Failover Scenarios, page 19-15
• New and Modified Commands, page 19-16
Notes and Caveats for ASA 5500-X IPS SSP
The following notes and caveats apply to configuring the ASA 5500-X IPS SSP:
• The ASA 5500-X IPS SSP is supported in ASA 8.6.1 and later.
• For the ASA 5500-X IPS SSP, normalization is performed by the adaptive security appliance and
not the IPS.
• The ASA 5500-X IPS SSP does not support the inline TCP session tracking mode.
• The ASA 5500-X IPS SSP does not support CDP mode.
• Anomaly detection is disabled by default.