Table of Contents
Advertisement
Chapter 13
Configuring the AIP SSM
Configuring the AIP SSM
hostname(config-ctx)# allocate-interface
gigabitethernet0/0.110-gigabitethernet0/0.115 int3-int8
hostname(config-ctx)# allocate-ips sensor1 ips1 default
hostname(config-ctx)# allocate-ips sensor2 ips2
hostname(config-ctx)# config-url
ftp://user1:passw0rd@10.1.1.1/configlets/test.cfg
hostname(config-ctx)# member gold
hostname(config-ctx)# context sample
hostname(config-ctx)# allocate-interface gigabitethernet0/1.200 int1
hostname(config-ctx)# allocate-interface gigabitethernet0/1.212 int2
hostname(config-ctx)# allocate-interface
gigabitethernet0/1.230-gigabitethernet0/1.235 int3-int8
hostname(config-ctx)# allocate-ips sensor1 ips1
hostname(config-ctx)# allocate-ips sensor3 ips2
hostname(config-ctx)# config-url
ftp://user1:passw0rd@10.1.1.1/configlets/sample.cfg
hostname(config-ctx)# member silver
hostname(config-ctx)# changeto context A
...
Diverting Traffic to the AIP SSM
To identify traffic to divert from the adaptive adaptive security appliance to the
AIP SSM, perform the following steps. In multiple context mode, perform these
steps in each context execution space.
To identify the traffic that you want to be inspected by the AIP SSM, add one or
Step 1
more class maps using the class-map command.
For example, you can match all traffic using the following commands:
hostname(config)# class-map IPS
hostname(config-cmap)# match any
To match specific traffic, you can match an access list:
hostname(config)# access list IPS extended permit ip any 10.1.1.1
255.255.255.255
hostname(config)# class-map IPS
hostname(config-cmap)# match access-list IPS
Cisco ASA 5500 Series Getting Started Guide
13-11
78-19186-01
Hide quick links:
Advertisement
Table of Contents
