Cisco Systems ASA 5580 Manual De Usuario
31-8
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 31 Configuring the ASA IPS Module
Configuring the ASA IPS module
Connecting the ASA IPS Management Interface
In addition to providing management access to the IPS module, the IPS management interface needs
access to an HTTP proxy server or a DNS server and the Internet so it can download global correlation,
signature updates, and license requests. This section describes recommended network configurations.
Your network may differ.
access to an HTTP proxy server or a DNS server and the Internet so it can download global correlation,
signature updates, and license requests. This section describes recommended network configurations.
Your network may differ.
•
•
•
ASA 5510, ASA 5520, ASA 5540, ASA 5580, ASA 5585-X (Hardware Module)
The IPS module includes a separate management interface from the ASA.
If you have an inside router
If you have an inside router, you can route between the management network, which can include both
the ASA Management 0/0 and IPS Management 1/0 interfaces, and the ASA inside network. Be sure to
also add a route on the ASA to reach the Management network through the inside router.
the ASA Management 0/0 and IPS Management 1/0 interfaces, and the ASA inside network. Be sure to
also add a route on the ASA to reach the Management network through the inside router.
ASA 5585-X
PWR
BOO
T
ALARM AC
T
VPN
PS1
HDD1
PS0
HDD0
USB
RESET
0
SFP1
SFP0
1
0
1
2
3
4
5
6
7
MGMT
0
1
AUX
CONSOLE
PWR
BOO
T
ALARM AC
T
VPN
PS1
HDD1
PS0
HDD0
USB
RESET
0
SFP1
SFP0
1
0
1
2
3
4
5
6
7
MGMT
0
1
AUX
CONSOLE
ASA Management 0/0
Default IP: 192.168.1.1
Default IP: 192.168.1.1
IPS Management 1/0
Default IP: 192.168.1.2
SSP
IPS SSP
334656
ASA Management 0/0
Internet
Management PC
Proxy or DNS Server (for example)
Router
ASA
IPS Management 1/0
Outside
IPS
Management
Inside
IPS Default
Gateway
ASA gateway for Management
334658