[c-nsp] AIP-SSM for ASA
Jeff Kell
jeff-kell at utc.edu
Mon Aug 14 11:32:03 EDT 2006
Jonathan Charles wrote:
> I have a few questions... First, for management, does it need to be
> connected via the external interface?
Yes, that is the only way you can access the thing other than the ASA 'session' facility. It loads images/signatures from there, sends out traps/alerts from there, and you access the management GUI through there. The 'backplane' access is only for sniffing.
> Second, does failover work (ASAs are
> in active/standby)?
The SSMs are NOT integrated into failover at all. If you have SSMs in both ASAs, you have to manage them separately (unless you have the Ci$co $ecurity Manager package) and it's up to you to keep them in sync in terms of image/signatures/configuration. If you tweak any signatures, disable alerts, change actions, add filters, etc to one, you have to get the changes over to the other one. It doesn't happen automatically.
> I have connecting the mgmt gige to the network... but no luck pinging or
> opening a web browser to it...
You'll have to configure it first from the ASA system context.
> http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps4077/products_installation_guide_chapter09186a008055fc75.html
Jeff
More information about the cisco-nsp
mailing list