58-20
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter58 Configuring the ASA IPS Module
Monitoring the ASA IPS module
Monitoring the ASA IPS module
To check the status of a module, enter one of the following commands:
Examples
The following is sample output from the show module details command, which provides additional
information for an ASA with an SSC installed:
hostname# show module 1 details
Getting details from the Service Module, please wait...
ASA 5500 Series Security Services Card-5
Hardware version: 0.1
Serial Number: JAB11370240
Firmware version: 1.0(14)3
Software version: 6.2(1)E2
MAC Address Range: 001d.45c2.e832 to 001d.45c2.e832
App. Name: IPS
App. Status: Up
App. Status Desc: Not Applicable
App. Version: 6.2(1)E2
Data plane Status: Up
Status: Up
Mgmt IP Addr: 209.165.201.29
Mgmt Network Mask: 255.255.224.0
Mgmt Gateway: 209.165.201.30
Mgmt Access List: 209.165.201.31/32
Step7 (Optional)
ips {inline | promiscuous} {fail-close |
fail-open} [sensor {sensor_name |
mapped_name}]
Example:
hostname(config-pmap-c)# ips promiscuous
fail-close
Specifies that the second class of traffic should be sent to the ASA
IPS module.
Add as many classes as desired by repeating these steps.
Step8 service-policy policymap_name {global |
interface interface_name}
Example:
hostname(config)# service-policy
tcp_bypass_policy outside
Activates the policy map on one or more interfaces. global applies
the policy map to all interfaces, and interface applies the policy
to one interface. Only one global policy is allowed. You can
override the global policy on an interface by applying a service
policy to that interface. You can only apply one policy map to
each interface.
Command Purpose
Command Purpose
show module Displays the status.
show module {1 | ips} details Displays additional status information. Specify 1 for a physical module
and ips for a software module.
show module {1 | ips} recover Displays the network parameters for transferring an image to the module.
Specify 1 for a physical module and ips for a software module.