Cisco Systems ASA 5510 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 62 Configuring the ASA IPS Module
Configuring the ASA IPS module
(ASA 5510 and Higher) Configuring Basic Network Settings
In single context mode, you can use the Startup Wizard in ASDM to configure basic IPS network
settings. These settings are saved to the IPS configuration, not the ASA configuration.
In multiple context mode, session to the module from the ASA and configure basic settings using the
setup command.
Note (ASA 5512-X through ASA 5555-X) If you do not see the IPS Basic Configuration screen in your
wizard, then the IPS module is not running. See the “(ASA 5512-X through ASA 5555-X) Installing the
Software Module” section on page 62-12, and then repeat this procedure after you install the module.
Detailed Steps—Single Mode
Step 1 Choose Wizards > Startup Wizard.
Step 2 Click Next to advance through the initial screens until you reach the IPS Basic Configuration screen.
Step 3 In the Network Settings area, configure the following:
- IP Address—The management IP address. By default, the address is 192.168.1.2.
- Subnet Mask—The subnet mask for the management IP address.
- Gateway—The IP address of the upstream router. By default, this IP address is the ASA
  management IP address, 192.168.1.1. You may need to change the default gateway to be an upstream
  router instead of the ASA management interface. By default (and for the ASA 5500-X at all times),
  the ASA management interface does not allow through-traffic, so traffic destined to another network
  is not allowed through the ASA.
- HTTP Proxy Server—(Optional) The HTTP proxy server address. You may need a proxy server to
  download global correlation updates if your network uses a proxy.
- HTTP Proxy Port—(Optional) The HTTP proxy server port.
- DNS Primary—(Optional) The primary DNS server address. If you are using a DNS server, you
  must configure at least one DNS server and it must be reachable for global correlation updates to be
  successful.
For global correlation to function, you must have either a DNS server or an HTTP proxy server
configured at all times. DNS resolution is supported only for accessing the global correlation update
server.
Step 4 In the Management Access List area, enter an IP address and subnet mask for any hosts that are allowed
to access the IPS management interface, and click Add. You can add multiple IP addresses.
Step 5 In the Cisco Account Password area, set the password for the username cisco and confirm it. The
username cisco and this password are used for Telnet sessions from hosts specified by the management
access list and when accessing the IPS module from ASDM (Configuration > IPS). By default, the
password is cisco.
Step 6 In the Network Participation area, which you use to have the IPS module participate in SensorBase data
sharing, click Full, Partial, or Off.
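The values entered in Steps 3 through 5 can be reviewed before they are typed into the wizard. The following Python check is an added example, not part of the Cisco guide or any Cisco tool; the dictionary keys, the function name and the sample addresses are assumptions made for illustration, and only the defaults (192.168.1.2, 192.168.1.1, password cisco) come from the procedure above.

```python
import ipaddress

# Defaults stated in the procedure above.
DEFAULT_GATEWAY = "192.168.1.1"   # ASA management IP address
DEFAULT_PASSWORD = "cisco"

def check_ips_settings(s):
    """Return findings for a dict of planned wizard values (hypothetical keys)."""
    findings = []
    mgmt = ipaddress.ip_interface(f"{s['ip_address']}/{s['subnet_mask']}")
    gateway = ipaddress.ip_address(s["gateway"])
    # Step 3: the gateway has to sit on the management subnet.
    if gateway not in mgmt.network:
        findings.append(f"gateway {gateway} is outside {mgmt.network}")
    # The default gateway is the ASA management interface, which does not
    # allow through-traffic by default.
    if str(gateway) == DEFAULT_GATEWAY:
        findings.append("gateway is the default ASA management address")
    # Global correlation needs a DNS server or an HTTP proxy server.
    if not s.get("dns_primary") and not s.get("http_proxy_server"):
        findings.append("no DNS server or HTTP proxy for global correlation")
    if s.get("http_proxy_server") and not s.get("http_proxy_port"):
        findings.append("HTTP proxy server set without a port")
    # Step 4: flag access-list entries that admit every host.
    for ip, mask in s.get("management_acl", []):
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        if net.prefixlen == 0:
            findings.append(f"management access list entry {net} allows any host")
    # Step 5: flag the cisco account keeping its default password.
    if s["password"] == DEFAULT_PASSWORD:
        findings.append("cisco account still uses the default password")
    return findings

# Constructed sample: the defaults named in the procedure, plus an
# any-host access-list entry.
DEFAULTS = {"ip_address": "192.168.1.2", "subnet_mask": "255.255.255.0",
            "gateway": "192.168.1.1", "password": "cisco",
            "management_acl": [("0.0.0.0", "0.0.0.0")]}

# Constructed sample: a planned deployment with an upstream router as gateway.
PLANNED = {"ip_address": "10.10.20.5", "subnet_mask": "255.255.255.0",
           "gateway": "10.10.20.1", "dns_primary": "10.10.0.53",
           "password": "constructed-Example-1",
           "management_acl": [("10.10.30.0", "255.255.255.0")]}

if __name__ == "__main__":
    for name, cfg in (("defaults", DEFAULTS), ("planned", PLANNED)):
        print(name, check_ips_settings(cfg) or "no findings")
```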