Diverting traffic to the asa ips module, Diverting traffic to the asa ips – Cisco ASA 5505 User Manual

Page 1237

Advertising
background image

58-17

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 58 Configuring the ASA IPS Module

Configuring the ASA IPS module

Examples

The following example assigns sensor1 and sensor2 to context A, and sensor1 and sensor3 to context B.
Both contexts map the sensor names to “ips1” and “ips2.” In context A, sensor1 is set as the default
sensor, but in context B, no default is set so the default that is configured on the ASA IPS module is used.

hostname(config-ctx)# context A

hostname(config-ctx)# allocate-interface gigabitethernet0/0.100 int1

hostname(config-ctx)# allocate-interface gigabitethernet0/0.102 int2

hostname(config-ctx)# allocate-interface gigabitethernet0/0.110-gigabitethernet0/0.115

int3-int8

hostname(config-ctx)# allocate-ips sensor1 ips1 default

hostname(config-ctx)# allocate-ips sensor2 ips2

hostname(config-ctx)# config-url ftp://user1:[email protected]/configlets/test.cfg

hostname(config-ctx)# member gold

hostname(config-ctx)# context sample

hostname(config-ctx)# allocate-interface gigabitethernet0/1.200 int1

hostname(config-ctx)# allocate-interface gigabitethernet0/1.212 int2

hostname(config-ctx)# allocate-interface gigabitethernet0/1.230-gigabitethernet0/1.235

int3-int8

hostname(config-ctx)# allocate-ips sensor1 ips1

hostname(config-ctx)# allocate-ips sensor3 ips2

hostname(config-ctx)# config-url ftp://user1:[email protected]/configlets/sample.cfg

hostname(config-ctx)# member silver

hostname(config-ctx)# changeto context A

...

What to Do Next

Change to each context to configure the IPS security policy as described in

“Diverting Traffic to the ASA

IPS module” section on page 58-17

.

Diverting Traffic to the ASA IPS module

This section identifies traffic to divert from the ASA to the ASA IPS module.

Prerequisites

In multiple context mode, perform these steps in each context execution space. To change to a context,
enter the changeto context context_name command.

Advertising