Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 28 Configuring IPS
4. Using ASDM on the ASA 5500 series adaptive security appliance, identify traffic to divert to the
AIP SSM. See the “Diverting Traffic to the AIP SSM” section on page 28-6.
Accessing IDM from ASDM
ASDM uses IDM to configure the AIP SSM. If the AIP SSM is running IPS Version 6.0 or later, ASDM
retrieves IDM from the AIP SSM and displays it as part of the ASDM interface. For earlier versions of
the IPS software, IDM launches in a separate browser window.
To access IDM from ASDM, click Configuration > IPS.
You are asked for the IP address or hostname of the AIP SSM.
If the AIP SSM is running IPS Version 6.0 or later, ASDM retrieves IDM from the AIP SSM and
displays it as part of the ASDM interface. Enter the AIP SSM password and click OK.
The IDM panes appear in the ASDM window.
If the AIP SSM is running an earlier version of IPS software, ASDM displays a link to IDM. Click
the link to launch IDM in a new browser window. You need to provide a username and password to
access IDM.
If the password to access IDM is lost, you can reset the password using ASDM. See the “Resetting the
AIP SSM Password” section on page 28-8 for more information.
Configuring the AIP SSM Security Policy in IDM
On the AIP SSM, configure the inspection and protection policy, which determines how to inspect traffic
and what to do when an intrusion is detected. If you configure virtual sensors in IPS Version 6.0 or above,
you identify one of the sensors as the default. If the ASA 5500 series adaptive security appliance does
not specify a virtual sensor name in its configuration, the default sensor is used.
Because the IPS software that runs on the AIP SSM is beyond the scope of this document, detailed
configuration information is available in the IDM online help. The IDM online help is available from the
IDM panes displayed in ASDM. Additionally, you can see the IDM and IPS documentation on
Cisco.com at the following location:
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_installation_and_configuration_guides_list.html
Assigning Virtual Sensors to Security Contexts
If the security appliance is in multiple context mode, then you can assign one or more IPS virtual sensors
to each context. Then, when you configure the context to send traffic to the AIP SSM, you can specify
a sensor that is assigned to the context; you cannot specify a sensor that you did not assign to the context.
If you do not assign any sensors to a context, then the default sensor configured on the AIP SSM is used.
You can assign the same sensor to multiple contexts.
Note: You do not need to be in multiple context mode to use virtual sensors; you can be in single mode and use
different sensors for different traffic flows.
To assign one or more sensors to a security context, perform the following steps: