Cisco ASA 5555-X Adaptive Security Appliance Installation Guide

The following figure shows the traffic flow when running the IPS module in inline mode. In this 
example, the IPS module automatically blocks traffic that it identified as an attack. All other traffic is 
forwarded through the ASA.
2  Connecting the ASA IPS Management Interface
In addition to providing management access to the IPS module, the IPS management interface needs 
access to an HTTP proxy server or a DNS server and the Internet so it can download global 
correlation, signature updates, and license requests. This section describes recommended network 
configurations. Your network may differ.
ASA 5510, ASA 5520, ASA 5540, ASA 5580, ASA 5585-X (Physical Module)
The IPS module includes a separate management interface from the ASA.
[Figure: traffic flow with the IPS module in inline mode. Labels: ASA, Main System, IPS, inside, outside, VPN Decryption, Firewall Policy, Diverted Traffic, IPS inspection, Block.]

[Figure: ASA 5585-X chassis with SSP and IPS SSP. ASA Management 0/0, default IP: 192.168.1.1. IPS Management 1/0, default IP: 192.168.1.2.]