Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01

Chapter 20
Configuring the ASA 5585-X IPS SSP

This chapter contains procedures that are specific to configuring the ASA 5585-X IPS SSP. It contains
the following sections:
- ASA 5585-X IPS SSP Notes and Caveats, page 20-1
- Configuration Sequence for the ASA 5585-X IPS SSP, page 20-2
- Verifying Initialization for the ASA 5585-X IPS SSP, page 20-3
- Creating Virtual Sensors for the ASA 5585-X IPS SSP, page 20-4
- The ASA 5585-X IPS SSP and the Normalizer Engine, page 20-10
- The ASA 5585-X IPS SSP and Bypass Mode
- The ASA 5585-X IPS SSP and Jumbo Packets, page 20-11
- Reloading, Shutting Down, Resetting, and Recovering the ASA 5585-X IPS SSP, page 20-12
- Health and Status Information, page 20-13
- Traffic Flow Stopped on IPS Switchports, page 20-16
- Failover Scenarios, page 20-16

ASA 5585-X IPS SSP Notes and Caveats
The following notes and caveats apply to configuring the ASA 5585-X IPS SSP:
- The ASA 5585-X IPS SSP is supported in ASA 8.2(4.4) and later as well as ASA 8.4(2) and later. It is not supported in ASA 8.3(x).
- All IPS platforms allow ten concurrent CLI sessions.
- Anomaly detection is disabled by default.
- The ASA 5585-X IPS SSP does not support CDP mode.
- The ASA 5585-X IPS SSP does not support the inline TCP session tracking mode.
- For the ASA 5585-X IPS SSP, normalization is performed by the adaptive security appliance and not the IPS.
- The ASA 5585-X IPS SSP does not support bypass mode. The adaptive security appliance will either fail open, fail close, or fail over depending on the configuration of the adaptive security appliance and the type of activity being done on the IPS.
- The ASA 5585-X IPS SSP supports the String ICMP XL, String TCP XL, and String UDP XL engines. These engines provide optimized operation for these platforms.