Cisco ASA for Nexus 1000V Series Switch Technical Manual

ciscoasa#show module
Mod Card Type                                    Model              Serial No.
--- -------------------------------------------- ------------------ -----------
  0 ASA 5510 Adaptive Security Appliance         ASA5510            JMX0935K040
  1 ASA 5500 Series Security Services Module-10  ASA-SSM-10         JAB09440271

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
--- --------------------------------- ------------ ------------ ---------------
  0 0012.d948.e912 to 0012.d948.e916  1.0          1.0(10)0     8.0(2)
  1 0013.c480.cc18 to 0013.c480.cc18  1.0          1.0(10)0     6.1(2)E3

Mod SSM Application Name           Status           SSM Application Version
--- ------------------------------ ---------------- --------------------------
  1 IPS                            Up               6.1(2)E3

Mod Status             Data Plane Status     Compatibility
--- ------------------ --------------------- -------------
  0 Up Sys             Not Applicable
  1 Up                 Up
!--- Each of the highlighted areas indicates that
!--- the ASA recognizes the AIP-SSM and the AIP-SSM status is up.
show run
ciscoasa#show run
!--- Output is suppressed.
access-list traffic_for_ips extended permit ip any any
...
class-map ips_class_map
 match access-list traffic_for_ips
...
policy-map global_policy
...
 class ips_class_map
  ips inline fail-open
...
service-policy global_policy global
!--- Each of these lines is needed
!--- in order to send data to the AIP-SSM.
• show access-list: Shows the counters for an access-list.
ciscoasa#show access-list traffic_for_ips
access-list traffic_for_ips; 1 elements
access-list traffic_for_ips line 1 extended permit ip any any (hitcnt=2) 0x9bea7286
!--- Confirms the access-list displays a hit count greater than zero.
• Before you install and use the AIP-SSM, does network traffic pass through the ASA as expected? If not, it
can be necessary to troubleshoot the network and ASA access policy rules.
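
The three checks above (module status, the redirect configuration, and the access-list hit count) can be run against captured command output. The Python below is an added example, not part of the Cisco document: the function names are hypothetical and the sample text is an abridged copy of the output on this page. It also reports `fail-open`, which goes beyond the page's checks: in that mode the ASA forwards traffic uninspected while the AIP-SSM is unavailable.

```python
import re

# Constructed sample input (abridged from the output on this page); function names are illustrative.
SHOW_MODULE = """Mod Status             Data Plane Status     Compatibility
  0 Up Sys             Not Applicable
  1 Up                 Up"""
SHOW_RUN = """access-list traffic_for_ips extended permit ip any any
class-map ips_class_map
 match access-list traffic_for_ips
policy-map global_policy
 class ips_class_map
  ips inline fail-open
service-policy global_policy global"""
SHOW_ACL = "access-list traffic_for_ips line 1 extended permit ip any any (hitcnt=2) 0x9bea7286"

def ssm_up(show_module, slot=1):
    """True if the slot reads Up under both Status and Data Plane Status (last table)."""
    row = re.search(rf"^\s*{slot}\s+(\S+)\s+(\S+)", show_module.split("Mod Status")[-1], re.M)
    return bool(row) and row.groups() == ("Up", "Up")

def ips_redirect(show_run):
    """Follow service-policy -> policy-map -> class -> ips; return (acl, on_fail) or None."""
    applied = set(re.findall(r"^service-policy (\S+)", show_run, re.M))
    kind = name = cls = None
    acl_of, ips_of = {}, {}
    for w in filter(None, map(str.split, show_run.splitlines())):
        if w[0] in ("class-map", "policy-map"):
            kind, name = w[0], w[-1]
        elif kind == "class-map" and w[:2] == ["match", "access-list"]:
            acl_of[name] = w[2]
        elif kind == "policy-map" and w[0] == "class":
            cls = w[1]
        elif kind == "policy-map" and w[0] == "ips" and len(w) >= 3:
            ips_of[(name, cls)] = w[2]
    live = [(acl_of[c], f) for (p, c), f in ips_of.items() if p in applied and c in acl_of]
    return live[0] if live else None

def check(show_module, show_run, show_acl):
    """Return findings; an empty list means every check passes."""
    findings = [] if ssm_up(show_module) else ["AIP-SSM status or data plane is not Up"]
    acl, on_fail = ips_redirect(show_run) or (None, None)
    if acl is None:
        return findings + ["no applied policy-map sends traffic to the AIP-SSM"]
    hits = re.findall(rf"^access-list {re.escape(acl)} line .*\(hitcnt=(\d+)\)", show_acl, re.M)
    if sum(map(int, hits)) == 0:
        findings.append(f"access-list {acl} shows no hits")
    if on_fail == "fail-open":
        findings.append("fail-open: traffic passes uninspected while the AIP-SSM is down")
    return findings
```
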
Problems with Failover
If you have two ASAs in a failover configuration and each has an AIP-SSM, you must manually
replicate the configuration of the AIP-SSMs. Only the configuration of the ASA is replicated by the
failover mechanism. The AIP-SSM is not included in the failover. Refer to PIX/ASA 7.x
Active/Standby Failover Configuration Example for more information on Failover problems.
•