Cisco Cisco IPS 4520 Sensor Libro bianco
45
Intrusion Prevention
August 2012 Series
45
Step 3:
Verify you have the correct IPS image on the Cisco ASA firewall
disk0:
.
IE-ASA5545X# dir
Directory of disk0:/
113 -rwx 34523136 16:55:06 Apr 19 2012 asa861-smp-k8.
bin
114 -rwx 42637312 16:57:00 Apr 19 2012 IPS-SSP_5545-
K9-sys-1.1-a-7.1-4-E4.aip
115 -rwx 17851400 16:57:32 Apr 19 2012 asdm-66114.bin
123 -rwx 34523136 13:40:30 May 22 2012 asa861-1-
smp-k8.bin
Step 4:
Configure the IPS module to load the software on
disk0:
and then
boot with that software.
IE-ASA5545X# sw-module module ips recover configure image
disk0:/IPS-SSP_5545-K9-sys-1.1-a-7.1-4-E4.aip
IE-ASA5545X# sw-module module ips recover boot
Module ips will be recovered. This may erase all configuration
and all data on that device and attempt to download/install a
new image for it. This may take several minutes.
Recover module ips? [confirm]
y
Recover issued for module ips.
Step 5:
After a few minutes, run the following command, and then verify that
the module status is Up.
Show module ips detail
Procedure 3
Complete the initial setup
The initial setup will involve configuring each IPS device (module or appli-
ance with the initial networking information to allow the use of the GUI to
complete the configuration.
ance with the initial networking information to allow the use of the GUI to
complete the configuration.
Table 6 - IPS device configuration
Internet Edge IPS
Distribution IDS
Device Type
Software module
Appliance
Hostname
IPS-5545a&b
IDS-4300
IP Address
10.4.24.27&.28
10.4.32.171
Network Mask
255.255.255.224
255.255.255.192
Default Gateway
10.4.24.1
10.4.32.129
Location
Internet Edge distribution
switch
switch
WAN aggregation
distribution switch
distribution switch
Step 1:
If you are using the Cisco ASA 5545-X, log into the ASA appliance,
and then access the IPS module by issuing the following command.
ASA5545# session ips
Opening command session with module ips.
Connected to module ips. Escape character sequence is ‘CTRL-
^X’.
If you are using a Cisco IPS 4x00 Series appliance, open a CLI session on
the sensor’s console port.
the sensor’s console port.