Configuring AIP-10 module

lhatwwp

Hello,

I have had an ASA 5510 for a couple years now. Recently there is a push to have IPS services. I'm thinking of installing an AIP-10 module. Which brings me to a couple questions.

1) Is there a "good, simple" document that details the configuration of the AIP-10 module?

2) Can I configure the AIP module to send emails in the event of an attempted intrusion?

3) Is there anything I should look out for or consider before purchasing an AIP module?

Thanks,
Lou
 
1) The AIP SSM is really just an IPS Appliance on a card in the ASA. Nearly all the documentation that applies to the IPS Appliances applies to the AIP-SSM.

Sadly, I don't think there are "simple" docs pertaining to IPS configuration. In addition to checking out the links below, I recommend the Cisco Press book for the IPS exam of the CCSP.

Config guides:

A basic setup from our blog, written by Joe:

Having said that things are the same, there are some peculiar differences to note:

1a) The AIP module can only see traffic that crosses the backplane of the ASA, so you can only inspect traffic that goes from one interface to another. In order to inspect that traffic, you either need to divert it or mirror it to the AIP module. This is a good simple document:

ASA: Send Network Traffic from the ASA to the AIP SSM Configuration Example

1b) Unlike a normal IPS appliance, the AIP SSM only has one "interface", the backplane connection to the ASA. This is the only one you can configure.

-----

2) The AIP module itself cannot send an email alert. You can send SNMP traps, though:

Or you can use software like Cisco Security Monitor to do this. Here's an older link, but it shows the idea:

-----

3) I don't think there's anything in particular that you should "watch out" for with the AIP.

One general comment about the IPS: It can be noisy. Be prepared to get flooded with alerts and spend time tuning it to suit your environment.

Matt
CCIE Security
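
The two options named in 1a (divert or mirror), shown as an added example that is not part of the original post or the linked Cisco document: an ASA Modular Policy Framework configuration that hands traffic to the AIP SSM. The names `IPS-TRAFFIC` and `IPS-CLASS` are assumptions; `global_policy` is the ASA's default global policy.

```cisco
! Added example, not from the original thread.
! IPS-TRAFFIC and IPS-CLASS are assumed names; adjust the ACL to your network.

! 1. Select the traffic the module should see (here: all IP traffic
!    crossing the ASA from one interface to another).
access-list IPS-TRAFFIC extended permit ip any any

! 2. Wrap the ACL in a class-map so a policy can reference it.
class-map IPS-CLASS
 match access-list IPS-TRAFFIC

! 3. Attach the IPS action to that class in the global policy.
policy-map global_policy
 class IPS-CLASS
  ! "inline" diverts packets through the module, so it can drop them.
  ! "fail-open" keeps traffic flowing if the module is down or reloading.
  ips inline fail-open
  !
  ! Mirror instead of divert: the module gets a copy and can only alert.
  !   ips promiscuous fail-open
  !
  ! Stricter failure mode: matched traffic is dropped while the module
  ! is unavailable.
  !   ips inline fail-close

! 4. Apply the policy globally (already present in a default configuration).
service-policy global_policy global
```

Starting in promiscuous mode while tuning signatures avoids dropping legitimate traffic during the noisy period mentioned in point 3.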
 