icmp unreachable rate-limit 1 burst-size 1
access-group acl_outside_in in interface outside
access-group acl_inside_in in interface inside
I try to reset, reload and unplug/plug the module but it doesn't work.

enable password Uonv5zOz/3IVv5nJ encrypted
access-list OUT-TO-DMZ extended permit tcp any host 10.1.1.2 eq smtp
access-list OUT-TO-DMZ extended permit tcp any host 10.1.1.2 eq acl_inside_in extended permit ip 10.2.2.0 255.255.255.0 any
access-list acl_dmz_in extended permit icmp 10.3.3.0 255.255.255.0 any
access-list traffic_for_ips extended permit ip any any

It shows me the error "Error connecting sensor. I can use ASDM to manage ASA 5520 but cannot log in to IPS (in IPS or Intrusion Prevention tab). My device is Cisco ASA 5520 with AIP SSM-10.

If you would like to use the same subnet to manage both the ASA and the IPS, then you would need to disable "management-only" on ASA management0/0 interface
2 - Yes, you would need to allow your VPN pool subnet on the IPS if you would like to manage it via VPN.
3 - On IPS module, the only way you can manage it is via that port on the module, currently with IP address 192.168.1.2, and can only be managed via that port.
4 - Not really, the same way as you access any other hosts connected to the same subnet.
Since your ASA management0/0 is configured with "management-only", you can't use that same subnet to manage the IPS because the management interface does not pass through traffic but only terminates traffic on that interface for management. You would need to manage the IPS via the management port which should be connected to your network.
Even if you are managing it through the ASDM, essentially the ASDM just gives you a link to the IDM from your PC IP address.
Here is the IPS current configuration (got via SSH):
1 - No, you can't use the backplane of the ASA to manage the IPS.
If you need more details, just let me know. If so, which port (management or another)? My VPN connection will come from the WAN.
2- What IP address should the IPS use if my VPN address pool is 172.16.1.100-199?
3- What should be my Management Access Interface? Right now it's the "management" port.
4- Any specific firewall rules needed to access the IPS? This won't work in my production environment since it's off-site.
1- How should the network cables be physically connected once in production? Is there a way to manage the IPS with ASDM using the internal backplane or do I absolutely need to have the IPS's management port connected to some other ASA's port via a router. The only way I managed to get access to the IPS tab was by having the ASA's management port, the SSM's management port and my PC all connected on the same switch. What I am trying to achieve ultimately is this: administrate the whole ASA via a VPN connection coming from the WAN. If I SSH to the ASA, I can do "asa# session 1" to access the SSM, so I know it's there and up. I always get a message stating: "Error connecting to sensor. I can access ASDM for the firewall management via VPN, but I cannot access the IPS tab to manage the SSM-10 module. Hi experts, I'm very new to ASA5520 configuration (I use ASDM GUI mainly). Here's my problem as clearly as I can explain it: