Cisco Systems ASA 5545-X, ASA 5555-X, ASA 5580, ASA 5585-X, ASA Services Module, ASA 5505 Assigning Virtual Sensors to a Security Context (ASA 5510 and Higher)

31-17

Cisco ASA Series Firewall ASDM Configuration Guide

Chapter31 Configuring the ASA IPS Module

Configuring the ASA IPS module

What to Do Next

•For the ASA in multiple context mode, see the “Assigning Virtual Sensors to a Security Context

(ASA 5510 and Higher)” section on page31-17.

•For the ASA in single context mode, see the “Diverting Traffic to the ASA IPS module” section on

page 31-18.

Assigning Virtual Sensors to a Security Context (ASA 5510 and Higher)

If the ASA is in multiple context mode, then you can assign one or more IPS virtual sensors to each

context. Then, when you configure the context to send traffic to the ASA IPS module, you can specify a

sensor that is assigned to the context; you cannot specify a sensor that you did not assign to the context.

If you do not assign any sensors to a context, then the default sensor configured on the ASA IPS module

is used. You can assign the same sensor to multiple contexts.

Note You do not need to be in multiple context mode to use virtual sensors; you can be in single mode and use

different sensors for different traffic flows.

Prerequisites

For more information about configuring contexts, see the “Configuring Multiple Contexts” section on

page 8-15 in the general operations configuration guide.

Detailed Steps

Step1 In the ASDM Device List pane, double-click System under the active device IP address.

Step2 On the Context Management > Security Contexts pane, choose a context that you want to configure, and

click Edit.

The Edit Context dialog box appears. For more information about configuring contexts, see the

“Configuring Multiple Contexts” section on page 8-15 in the general operations configuration guide.

Step3 In the IPS Sensor Allocation area, click Add.

The IPS Sensor Selection dialog box appears.

Step4 From the Sensor Name drop-down list, choose a sensor name from those configured on the ASA IPS

module.

Step5 (Optional) To assign a mapped name to the sensor, enter a value in the Mapped Sensor Name field.

This sensor name can be used within the context instead of the actual sensor name. If you do not specify

a mapped name, the sensor name is used within the context. For security purposes, you might not want

the context administrator to know which sensors are being used by the context. Or you might want to

genericize the context configuration. For example, if you want all contexts to use sensors called

“sensor1” and “sensor2,” then you can map the “highsec” and “lowsec” sensors to sensor1 and sensor2

in context A, but map the “medsec” and “lowsec” sensors to sensor1 and sensor2 in context B.

Step6 Click OK to return to the Edit Context dialog box.

Step7 (Optional) To set one sensor as the default sensor for this context, from the Default Sensor drop-down

list, choose a sensor name.

Cisco Systems Assigning Virtual Sensors to a Security Context (ASA 5510 and Higher)