Cisco Cisco ASA for Nexus 1000V Series Switch 기술 매뉴얼
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
ciscoasa#show module
Mod Card Type Model Serial No.
−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−−−−−−−− −−−−−−−−−−−
0 ASA 5510 Adaptive Security Appliance ASA5510 JMX0935K040
1 ASA 5500 Series Security Services Module−10 ASA−SSM−10 JAB09440271
Mod MAC Address Range Hw Version Fw Version Sw Version
−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−−−−−−
0 0012.d948.e912 to 0012.d948.e916 1.0 1.0(10)0 8.0(2)
1 0013.c480.cc18 to 0013.c480.cc18 1.0 1.0(10)0 6.1(2)E3
Mod SSM Application Name Status SSM Application Version
−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−
1 IPS Up 6.1(2)E3
Mod Status Data Plane Status Compatibility
−−− −−−−−−−−−−−−−−−−−− −−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−−−
0 Up Sys Not Applicable
1 Up Up
!−−− Each of the areas highlighted indicate that
!−−− the ASA recognizes the AIP−SSM and the AIP−SSM status is up.
show run
ciscoasa#show run
!−−− Output is suppressed.
access−list traffic_for_ips extended permit ip any any
...
class−map ips_class_map
match access−list traffic_for_ips
...
policy−map global_policy
...
class ips_class_map
ips inline fail−open
...
service−policy global_policy global
!−−− Each of these lines are needed
!−−− in order to send data to the AIP−SSM.
•
show access−listShows the counters for an access−list.
ciscoasa#show access−list traffic_for_ips
access−list traffic_for_ips; 1 elements
access−list traffic_for_ips line 1 extended permit ip any any (hitcnt=2) 0x9bea7286
!−−− Confirms the access−list displays a hit count greater than zero.
•
Before you install and use the AIP−SSM, does network traffic pass through the ASA as expected? If not, it
can be necessary to troubleshoot the network and ASA access policy rules.
can be necessary to troubleshoot the network and ASA access policy rules.
Problems with Failover
If you have two ASAs in a failover configuration and each has an AIP−SSM, you must manually
replicate the configuration of the AIP−SSMs. Only the configuration of the ASA is replicated by the
failover mechanism. The AIP−SSM is not included in the failover. Refer to PIX/ASA 7.x
Active/Standby Failover Configuration Example for more information on Failover problems.
replicate the configuration of the AIP−SSMs. Only the configuration of the ASA is replicated by the
failover mechanism. The AIP−SSM is not included in the failover. Refer to PIX/ASA 7.x
Active/Standby Failover Configuration Example for more information on Failover problems.
•