A lot of people think that when you put the Cisco IPS module in the ASA, that is all you really have to do to get it going. Well, not so. You have to tell the traffic to go to the IPS module and then through the backplane of the IPS module. Thats at least a two step process just to get traffic there and back, without any other configuration to it. First, get your traffic to go to the IPS module:
access-list IPS-ACL permit ip any any
class-map IPS-Class
description IPS Module
match IPS-ACL
policy-map global_policy
class inspection_default
class IPS-Class
ips inline fail-open
Next, go into the IME for the IPS module, and select the check box as shown below:
No comments:
Post a Comment
Your comment will be reviewed for approval. Thank you for submitting your comments.