Monitoring the ASA IPS Module – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 58 Configuring the ASA IPS Module

Monitoring the ASA IPS module

To check the status of a module, enter one of the following commands:

Examples

The following is sample output from the show module details command, which provides additional
information for an ASA with an SSC installed:

hostname# show module 1 details
Getting details from the Service Module, please wait...
ASA 5500 Series Security Services Card-5
Hardware version: 0.1
Serial Number: JAB11370240
Firmware version: 1.0(14)3
Software version: 6.2(1)E2
MAC Address Range: 001d.45c2.e832 to 001d.45c2.e832
App. Name: IPS
App. Status: Up
App. Status Desc: Not Applicable
App. Version: 6.2(1)E2
Data plane Status: Up
Status: Up
Mgmt IP Addr: 209.165.201.29
Mgmt Network Mask: 255.255.224.0
Mgmt Gateway: 209.165.201.30
Mgmt Access List: 209.165.201.31/32
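A monitoring script can turn the show module details output above into a health check. The following Python sketch is an added example, not part of the Cisco guide; the function names, the choice of required fields and the degraded sample are assumptions made for illustration.

```python
import re

# Constructed sample: the module output from this page with the data plane
# changed to Down, to show what a failed check looks like.
SAMPLE_DEGRADED = """\
hostname# show module 1 details
Getting details from the Service Module, please wait...
ASA 5500 Series Security Services Card-5
App. Name: IPS
App. Status: Up
Data plane Status: Down
Status: Up
Mgmt IP Addr: 209.165.201.29
"""

# Assumed policy: all three must read "Up" for the module to inspect traffic.
# If one is not, the fail-open / fail-close keyword of the ips command decides
# whether traffic passes uninspected or is dropped.
REQUIRED_UP = ("App. Status", "Data plane Status", "Status")

def parse_module_details(text):
    """Return the 'Key: value' fields of show module details as a dict."""
    fields = {}
    for line in text.splitlines():
        # Skip the CLI prompt line; banner lines without a colon never match.
        if "#" in line.split(":", 1)[0]:
            continue
        m = re.match(r"^\s*([^:]+?)\s*:\s*(.*\S)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def health_problems(fields):
    """List every required status field that is missing or not 'Up'."""
    problems = []
    for key in REQUIRED_UP:
        value = fields.get(key)
        if value is None:
            problems.append(f"{key}: missing from output")
        elif value.lower() != "up":
            problems.append(f"{key}: {value}")
    return problems

if __name__ == "__main__":
    for p in health_problems(parse_module_details(SAMPLE_DEGRADED)):
        print("ALERT", p)
```

An empty list from health_problems means every required field reported Up; a missing field is treated as a problem so that truncated output is not mistaken for a healthy module.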

Step 7 (Optional)

Command: ips {inline | promiscuous} {fail-close | fail-open} [sensor {sensor_name | mapped_name}]

Example:
hostname(config-pmap-c)# ips promiscuous fail-close

Purpose: Specifies that the second class of traffic should be sent to the ASA IPS module.

Add as many classes as desired by repeating these steps.

Step 8

Command: service-policy policymap_name {global | interface interface_name}

Example:
hostname(config)# service-policy tcp_bypass_policy outside

Purpose: Activates the policy map on one or more interfaces. global applies the policy map to all interfaces, and interface applies the policy to one interface. Only one global policy is allowed. You can override the global policy on an interface by applying a service policy to that interface. You can only apply one policy map to each interface.

Command: show module
Purpose: Displays the status.

Command: show module {1 | ips} details
Purpose: Displays additional status information. Specify 1 for a physical module and ips for a software module.

Command: show module {1 | ips} recover
Purpose: Displays the network parameters for transferring an image to the module. Specify 1 for a physical module and ips for a software module.