Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 20 Configuring the ASA 5585-X IPS SSP
For More Information
For detailed information about the Normalizer engine, see Normalizer Engine, page B-37.
The ASA 5585-X IPS SSP and Bypass Mode
The ASA 5585-X IPS SSP does not support bypass mode. The adaptive security appliance will either
fail open, fail close, or fail over depending on the configuration of the adaptive security appliance and
the type of activity being done on the ASA 5585-X IPS SSP.
The SensorApp Fails
The following occurs when the SensorApp fails:
- If the adaptive security appliance is configured for failover, then the adaptive security appliance
  fails over.
- If the adaptive security appliance is not configured for failover or failover is not possible:
  - If set to fail-open, the adaptive security appliance passes traffic without sending it to the
    ASA IPS module.
  - If set to fail-close, the adaptive security appliance stops passing traffic until the ASA IPS
    module is restarted.
The SensorApp is Reconfigured
The following occurs when the SensorApp is reconfigured:
- If set to fail-open, the adaptive security appliance passes traffic without sending it to the
  ASA IPS module.
- If set to fail-close, the adaptive security appliance stops passing traffic until the ASA IPS
  module is restarted.
Note: The adaptive security appliance does not fail over unless the reconfiguration is not completed.
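The following is an added example, not part of the Cisco guide: a small audit script that reads an ASA running-config and reports, for each traffic class sent to the IPS module, what the rules above predict when the SensorApp fails or is reconfigured. It assumes the ASA `ips {inline | promiscuous} {fail-open | fail-close}` policy-map class command and the global `failover` line, neither of which is shown on this page; the sample configuration and all names in it are constructed.

```python
import re

# Constructed sample ASA running-config excerpt (not taken from the guide).
SAMPLE_CONFIG = """\
failover
class-map IPS-DMZ
 match access-list DMZ-TRAFFIC
class-map IPS-GUEST
 match any
policy-map OUTSIDE-POLICY
 class IPS-DMZ
  ips inline fail-close
 class IPS-GUEST
  ips promiscuous fail-open
service-policy OUTSIDE-POLICY interface outside
"""

IPS_LINE = re.compile(r"^ips\s+(inline|promiscuous)\s+(fail-open|fail-close)\b")

def audit_ips_failure_policy(config):
    """Return one finding per traffic class that is redirected to the IPS module."""
    failover = False
    policy = cls = None
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # top-level line ends any policy-map block
            policy = line.split()[1] if line.startswith("policy-map ") else None
            cls = None
            failover = failover or line == "failover"
        elif policy and line.startswith("class "):
            cls = line.split()[1]
        elif policy and cls and (m := IPS_LINE.match(line)):
            mode, fail = m.groups()
            by_policy = ("passes traffic uninspected" if fail == "fail-open"
                         else "stops traffic until module restart")
            findings.append({
                "policy": policy, "class": cls, "mode": mode, "fail": fail,
                # SensorApp failure: failover wins when configured (assumed possible).
                "sensorapp_fails": "fails over" if failover else by_policy,
                # SensorApp reconfiguration: the fail-open/fail-close setting applies.
                "sensorapp_reconfigured": by_policy,
            })
    return findings

if __name__ == "__main__":
    for f in audit_ips_failure_policy(SAMPLE_CONFIG):
        print(f)
```

Classes reported as "passes traffic uninspected" are the ones where an IPS outage or reconfiguration leaves traffic flowing with no inspection, so they are the ones to review against policy.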
The ASA 5585-X IPS SSP and Jumbo Packets
The jumbo packet count in the show interface command output from the lines Total Jumbo Packets
Received and Total Jumbo Packets Transmitted for ASA IPS modules may be larger than expected
due to some packets that were almost jumbo size on the wire being counted as jumbo size by the IPS.
This miscount is a result of header bytes added to the packet by the ASA before the packet is transmitted
to the IPS. For IPv4, 58 bytes of header data are added. For IPv6, 78 bytes of header data are added. The
ASA removes the added IPS header before the packet leaves the ASA.