Cisco ASA 5500 Series Getting Started Guide
78-19186-01
Chapter 13 Configuring the AIP SSM
hostname(config-ctx)# allocate-interface gigabitethernet0/0.110-gigabitethernet0/0.115 int3-int8
hostname(config-ctx)# allocate-ips sensor1 ips1 default
hostname(config-ctx)# allocate-ips sensor2 ips2
hostname(config-ctx)# config-url ftp://user1:[email protected]/configlets/test.cfg
hostname(config-ctx)# member gold
hostname(config-ctx)# context sample
hostname(config-ctx)# allocate-interface gigabitethernet0/1.200 int1
hostname(config-ctx)# allocate-interface gigabitethernet0/1.212 int2
hostname(config-ctx)# allocate-interface gigabitethernet0/1.230-gigabitethernet0/1.235 int3-int8
hostname(config-ctx)# allocate-ips sensor1 ips1
hostname(config-ctx)# allocate-ips sensor3 ips2
hostname(config-ctx)# config-url ftp://user1:[email protected]/configlets/sample.cfg
hostname(config-ctx)# member silver
hostname(config-ctx)# changeto context A
...
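The following audit sketch is an added example, not part of the Cisco guide. It reads context stanzas like the ones above (written in saved-configuration form, without prompts) and reports which virtual sensor each context uses, which one is marked default, which sensors are shared between contexts, and whether a config-url carries a password or uses a cleartext protocol. The context names, host address and credentials in the sample are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample modelled on the stanzas above; the context names, host
# address and password are placeholders, not values from the guide.
SAMPLE = """\
context demo1
 allocate-ips sensor1 ips1 default
 allocate-ips sensor2 ips2
 config-url ftp://user1:EXAMPLE-PASSWORD@192.0.2.10/configlets/demo1.cfg
context demo2
 allocate-ips sensor1 ips1
 allocate-ips sensor3 ips2
 config-url disk0:/demo2.cfg
"""

def audit_contexts(text):
    """Map each context to its virtual sensors, default sensor and config-url findings."""
    report, cur = {}, None
    for line in text.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "context":
            cur = report.setdefault(words[1], {"sensors": {}, "default": None, "findings": []})
        elif cur is None or len(words) < 2:
            continue
        elif words[0] == "allocate-ips":
            # Form used on the page: allocate-ips <sensor> [<mapped name>] [default]
            sensor, rest = words[1], words[2:]
            if rest and rest[-1] == "default":
                cur["default"], rest = sensor, rest[:-1]
            cur["sensors"][rest[0] if rest else sensor] = sensor
        elif words[0] == "config-url":
            url = urlsplit(words[1])
            if url.scheme in ("ftp", "tftp", "http"):
                cur["findings"].append("config-url uses cleartext " + url.scheme)
            if url.password:
                cur["findings"].append("password embedded in config-url")
    return report

def shared_sensors(report):
    """Return {sensor: [contexts]} for sensors allocated to more than one context."""
    users = {}
    for name, ctx in report.items():
        for sensor in set(ctx["sensors"].values()):
            users.setdefault(sensor, []).append(name)
    return {s: c for s, c in users.items() if len(c) > 1}

if __name__ == "__main__":
    result = audit_contexts(SAMPLE)
    print(result, shared_sensors(result))
```

A sensor listed by shared_sensors inspects traffic for several contexts, so a policy change on that virtual sensor affects all of them.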
Diverting Traffic to the AIP SSM
To identify traffic to divert from the adaptive security appliance to the
AIP SSM, perform the following steps. In multiple context mode, perform these
steps in each context execution space.
Step 1
To identify the traffic that you want to be inspected by the AIP SSM, add one or
more class maps using the class-map command.
For example, you can match all traffic using the following commands:
hostname(config)# class-map IPS
hostname(config-cmap)# match any
To match specific traffic, you can match an access list:
hostname(config)# access-list IPS extended permit ip any 10.1.1.1 255.255.255.255
hostname(config)# class-map IPS
hostname(config-cmap)# match access-list IPS