Need Help with a Cisco IPS Upgrade Please
Panzer919
Member Posts: 462
Let me start by saying that I know nothing about the Cisco IPS devices and don't really know that much about ASA's. All i have done with the ASA is setup ACL's, inside and outside nats and VPN's but that was just copying an existing config and modifying it. This issue is a little different.
I have to remove a Cisco IPS system and install an ASA IPS module and wanted to know if you can copy the configuration from the IPS system and paste it into the module once booted up into the ASA? Is there anything else I need to know before I load the configuration? Packages or software to load first perhaps?
I tried searching the forum but came up empty handed. I also searched online but apparently could not put in the correct search terms so I only got doc's on how to set it up from scratch.
I went on cisco's site and looked under the security/ips/ips module for asa section and downloaded the latest items so hopefully that is all I would need to do once I get this configuration problem straightened out.
Any help would be greatly appreciated.
I have to remove a Cisco IPS system and install an ASA IPS module and wanted to know if you can copy the configuration from the IPS system and paste it into the module once booted up into the ASA? Is there anything else I need to know before I load the configuration? Packages or software to load first perhaps?
I tried searching the forum but came up empty handed. I also searched online but apparently could not put in the correct search terms so I only got doc's on how to set it up from scratch.
I went on cisco's site and looked under the security/ips/ips module for asa section and downloaded the latest items so hopefully that is all I would need to do once I get this configuration problem straightened out.
Any help would be greatly appreciated.
Cisco Brat Blog
I think “very senior” gets stuck in there because the last six yahoos that applied for the position couldn’t tell a packet from a Snickers bar.
Luck is where opportunity and proper planning meet
I have not failed. I've just found 10,000 ways that won't work.
Thomas A. Edison
I think “very senior” gets stuck in there because the last six yahoos that applied for the position couldn’t tell a packet from a Snickers bar.
Luck is where opportunity and proper planning meet
I have not failed. I've just found 10,000 ways that won't work.
Thomas A. Edison
Comments
-
Demiurge Member Posts: 20 ■□□□□□□□□□The ASA IPS modules run the same code as the stand alone sensors so as long as the code version are the same there shouldn't be much to it. You may need to tweak the network settings a bit, but signatures and filters are exactly the same."It seems to me there's quite a lot to be done. And since, clearly, no one else is going to do it, I will."
-
mikearama Member Posts: 749Yeah, the config copy should be straight forward. The new part for you will be the process to tell the ASA what traffic to send to the IPS module. It's all MPF language for that deal... policy maps and class maps.
You can do some digging on how to config this on the ASA, or post back, and we can give you some pointers.There are only 10 kinds of people... those who understand binary, and those that don't.
CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110
Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project. -
Panzer919 Member Posts: 462Thanks to everyone who replied.
On Saturday I copied and pasted the configs in over the weekend, updated the software and through ASDM sent traffic matching any any IP to the IP's so I'm hoping everything is set up correctly. I have not heard anything yet so that should be a good sign.Cisco Brat Blog
I think “very senior” gets stuck in there because the last six yahoos that applied for the position couldn’t tell a packet from a Snickers bar.
Luck is where opportunity and proper planning meet
I have not failed. I've just found 10,000 ways that won't work.
Thomas A. Edison