I recently configured one of the new software IPS modules in an ASA X series firewall, and after the initial setup I could not access the IPS module from ASDM or from IME (IPS Management Express). I found that two requirements must be met before the IPS will talk.

1. If the IPS IP address is on a different subnet than the management network (192.168.1.0 by default), you’ll need to issue “no nameif” on the Management0/0 interface.

2. Even if you decide not to use the Management0/0 for ASA management, it must be in an UP and UP state, so you’ll need to connect it to your switch.
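As an added example (not part of the original post), the Python sketch below checks both requirements against text pasted from `show running-config interface Management0/0` and `show interface ip brief`. The function name, the sample outputs, the 10.10.10.5 IPS address and the /24 mask on the default management network are assumptions made for illustration.

```python
import ipaddress

IFNAME = "Management0/0"

def unmet_requirements(ips_ip, mgmt_net, run_cfg, ip_brief):
    """Return the requirements from the post that are not yet satisfied."""
    problems = []
    # Requirement 1: IPS address outside the management subnet -> "no nameif".
    in_stanza = has_nameif = False
    for line in run_cfg.splitlines():
        if line.startswith("interface "):
            in_stanza = line.split()[1] == IFNAME
        elif in_stanza and line.strip().startswith("nameif "):
            has_nameif = True
    if has_nameif and ipaddress.ip_address(ips_ip) not in ipaddress.ip_network(mgmt_net):
        problems.append("issue 'no nameif' on " + IFNAME)
    # Requirement 2: the interface must be up/up even if unused for ASA management.
    state = None
    for line in ip_brief.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0] == IFNAME:
            # Status may be two words ("administratively down"); protocol is last.
            state = (" ".join(fields[4:-1]), fields[-1])
    if state != ("up", "up"):
        problems.append(IFNAME + " must be up/up: connect it to the switch")
    return problems

# Constructed sample outputs (not captured from a real device).
CFG_NAMED = ("interface Management0/0\n management-only\n nameif management\n"
             " security-level 100\n ip address 192.168.1.1 255.255.255.0\n")
CFG_NO_NAMEIF = ("interface Management0/0\n management-only\n no nameif\n"
                 " no security-level\n no ip address\n")
BRIEF_DOWN = "Management0/0   192.168.1.1  YES manual down  down"
BRIEF_UP = "Management0/0   unassigned   YES unset  up    up"

if __name__ == "__main__":
    # Before the fix: both requirements are reported.
    print(unmet_requirements("10.10.10.5", "192.168.1.0/24", CFG_NAMED, BRIEF_DOWN))
    # After "no nameif" and cabling the port: nothing left to fix.
    print(unmet_requirements("10.10.10.5", "192.168.1.0/24", CFG_NO_NAMEIF, BRIEF_UP))
```
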
