Filter
Top Products
CHAPTER
62-1
Cisco ASA 5500 Series Configuration Guide using ASDM
62
Configuring the ASA IPS Module
This chapter describes how to configure the ASA IPS module. The ASA IPS module might be a physical
module or a software module, depending on your ASA model. For a list of supported ASA IPS modules
per ASA model, see the Cisco ASA Compatibility Matrix:
http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html
This chapter includes the following sections:
• Information About the ASA IPS module, page 62-1
• Licensing Requirements for the ASA IPS module, page 62-5
• Guidelines and Limitations, page 62-5
• Default Settings, page 62-6
• Configuring the ASA IPS module, page 62-6
• Monitoring the ASA IPS module, page 62-17
• Troubleshooting the ASA IPS module, page 62-17
• Feature History for the ASA IPS module, page 62-22
Information About the ASA IPS module
The ASA IPS module runs advanced IPS software that provides proactive, full-featured intrusion
prevention services to stop malicious traffic, including worms and network viruses, before they can
affect your network. This section includes the following topics:
• How the ASA IPS module Works with the ASA, page 62-1
• Operating Modes, page 62-2
• Using Virtual Sensors (ASA 5510 and Higher), page 62-3
• Information About Management Access, page 62-4
How the ASA IPS module Works with the ASA
The ASA IPS module runs a separate application from the ASA. The ASA IPS module might include an
external management interface so you can connect to the ASA IPS module directly; if it does not have a
management interface, you can connect to the ASA IPS module through the ASA interface. Any other
interfaces on the ASA IPS module, if available for your model, are used for ASA traffic only.