Cisco Systems OL-16647-01 Network Router User Manual


28-7
Cisco ASDM User Guide
OL-16647-01
Chapter 28 Configuring IPS
Diverting Traffic to the AIP SSM
The Add Service Policy Rule Wizard - Service Policy dialog box appears. Complete the Service
Policy and Traffic Classification Criteria dialog boxes. See the “Adding a Service Policy Rule for
Through Traffic” section on page 22-6 for more information. Click Next to show the Add Service
Policy Rule Wizard - Rule Actions dialog box.
Step 4 Click the Intrusion Prevention tab.
You can also set other feature actions for the same traffic using the other tabs.
Step 5 Check the Enable IPS for this traffic flow check box.
Step 6 In the Mode area, click Inline Mode or Promiscuous Mode.
See the “Operating Modes” section on page 28-2 for more details.
Step 7 In the If IPS Card Fails area, click Permit traffic or Close traffic.
The Close traffic option sets the adaptive security appliance to block all traffic if the AIP SSM is
unavailable.
The Permit traffic option sets the adaptive security appliance to allow all traffic through, uninspected, if
the AIP SSM is unavailable.
Step 8 (Optional) From the IPS Sensor to use drop-down list, choose a virtual sensor name.
If you use virtual sensors on the AIP SSM, you can specify a sensor name using this option. If you use
multiple context mode on the security appliance, you can only specify sensors that you assigned to the
context (see the “Assigning Virtual Sensors to Security Contexts” section on page 28-5). If you do not
specify a sensor name, then the traffic uses the default sensor. In multiple context mode, you can specify
a default sensor for the context. In single mode or if you do not specify a default sensor in multiple mode,
the traffic uses the default sensor that is set on the AIP SSM.
Step 9 Click OK.
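
The choices made in Steps 6 through 8 end up on the appliance as an `ips` action under a policy-map class; the ASA CLI form is `ips {inline | promiscuous} {fail-close | fail-open} [sensor name]`, where Permit traffic corresponds to `fail-open` and Close traffic to `fail-close`. The Python script below is an added example, not part of the Cisco guide: it audits a saved running-config for classes that fail open or run in promiscuous mode, and the sample configuration and every policy, class and sensor name in it are constructed.

```python
import re

# Constructed running-config excerpt; policy, class and sensor names are hypothetical.
SAMPLE_CONFIG = """\
policy-map outside-policy
 class web-traffic
  ips inline fail-close sensor vs-dmz
 class bulk-traffic
  ips promiscuous fail-open
 class voice-traffic
  inspect sip
policy-map inside-policy
 class all-traffic
  ips inline fail-open
"""

# ASA CLI form of the tab's settings: ips {inline|promiscuous} {fail-close|fail-open} [sensor name]
IPS_RE = re.compile(r"ips\s+(inline|promiscuous)\s+(fail-open|fail-close)(?:\s+sensor\s+(\S+))?$")

def parse_ips_rules(config):
    """Return one dict per policy-map class that carries an ips action."""
    rules, policy, cls = [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # top-level command: enter or leave a policy-map
            policy = line.split(None, 1)[1] if line.startswith("policy-map ") else None
            cls = None
        elif policy and line.startswith("class "):
            cls = line.split(None, 1)[1]
        elif policy and cls and (m := IPS_RE.match(line)):
            rules.append({"where": f"{policy}/{cls}", "mode": m.group(1),
                          "on_failure": m.group(2), "sensor": m.group(3) or "(default)"})
    return rules

def audit(rules):
    """Flag the settings under which traffic can pass without IPS being able to block it."""
    findings = []
    for r in rules:
        if r["on_failure"] == "fail-open":     # "Permit traffic" in ASDM
            findings.append((r["where"], "passes uninspected if the AIP SSM is unavailable"))
        if r["mode"] == "promiscuous":         # IPS works on a duplicate packet
            findings.append((r["where"], "original packet cannot be dropped by IPS"))
    return findings

if __name__ == "__main__":
    for where, issue in audit(parse_ips_rules(SAMPLE_CONFIG)):
        print(f"{where}: {issue}")
```

A class with no sensor keyword is reported with sensor `(default)`, matching the default-sensor behavior described in Step 8.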
Intrusion Prevention Tab Field Descriptions
Fields
• Enable IPS for this traffic flow—Enables or disables intrusion prevention for this traffic flow. When this check box is checked, the other parameters on this window become active.
• Mode—Configures the operating mode for intrusion prevention. See the “Operating Modes” section on page 28-2 for more information.
  - Inline Mode—Selects Inline Mode, in which a packet is directed to IPS. The packet might be dropped as a result of the IPS operation.
  - Promiscuous Mode—Selects Promiscuous Mode, in which IPS operates on a duplicate of the original packet. The original packet cannot be dropped.
• If IPS card fails—Configures the action to take if the AIP SSM becomes inoperable.
  - Permit traffic—Permit traffic if the AIP SSM fails.
  - Close traffic—Block traffic if the AIP SSM fails.
• IPS Sensor Selection—Selects the virtual sensor to use for this traffic flow. See the “Using Virtual Sensors” section on page 28-3 for more information.
  - IPS Sensor to Use—Sets a virtual sensor name. If you use virtual sensors on the AIP SSM, you can specify a sensor name using this option. If you use multiple context mode on the security appliance, you can only specify sensors that you assigned to the context (see the “Assigning