Cisco Cisco IPS 4360 Sensor Libro blanco
44
Intrusion Prevention
August 2012 Series
44
Step 2:
Configure the LAN distribution switch interfaces that are connected
to the Cisco ASA management interface to allow access to the IPS module
for management.
for management.
interface GigabitEthernet
1/0/19
description
IPS-5545a
!
interface GigabitEthernet
2/0/19
description
IPS-5545b
!
interface range GigabitEthernet
1/0/19,
GigabitEthernet
2/0/19
switchport access vlan 300
switchport mode access
spanning-tree portfast
The IPS module and the Cisco ASA share the same physical port
for management traffic. In this deployment, the ASA is managed
in-band and the IPS, either module or appliance, is always man-
aged from the dedicated management port.
for management traffic. In this deployment, the ASA is managed
in-band and the IPS, either module or appliance, is always man-
aged from the dedicated management port.
Tech Tip
Procedure 2
Initialize the IPS module
When a Cisco ASA 5500 Series IPS Solution is initially deployed, the soft-
ware IPS module may not be initialized, resulting in the ASA firewall being
unaware of what code version to boot for the IPS module. This procedure
verifies the IPS module status and prepares for configuration completion.
ware IPS module may not be initialized, resulting in the ASA firewall being
unaware of what code version to boot for the IPS module. This procedure
verifies the IPS module status and prepares for configuration completion.
Step 1:
From the Cisco ASA command line interface, run the following
command.
IE-ASA5545X# sho module ips detail
Step 2:
If the status shown below is
Up
, then the IPS module software has
been loaded and you can skip to Procedure 3.
IE-ASA5545X# sho module ips detail
Getting details from the Service Module, please wait...
Card Type: ASA 5545-X IPS Security Services Processor
Model: ASA5545-IPS
Hardware version: N/A
Serial Number: FCH161170MA
Firmware version: N/A
Software version: 7.1(4)E4
MAC Address Range: c464.1339.a354 to c464.1339.a354
App. name: IPS
App. Status: Up
App. Status Desc: Normal Operation
App. version: 7.1(4)E4
Data Plane Status: Up
Status: Up
If the status shown is
Status: Unresponsive No Image Present
, then the
IPS module software has never been loaded. Continue to the next step.
IE-ASA5545X# sho module ips detail
Getting details from the Service Module, please wait...
Unable to read details from module ips
Card Type: Unknown
Model: N/A
Hardware version: N/A
Serial Number: FCH16097J3F
Firmware version: N/A
Software version:
MAC Address Range: c464.1339.2cf1 to c464.1339.2cf1
Data Plane Status: Not Applicable
Status: Unresponsive No Image Present
...