[c-nsp] AIP-SSM for ASA

Jeff Kell jeff-kell at utc.edu
Mon Aug 14 11:32:03 EDT 2006


Jonathan Charles wrote:
> I have a few questions... First, for management, does it need to be
> connected via the external interface?

Yes, that is the only way you can access the thing other than the ASA 'session' facility.  It loads images/signatures from there, sends out traps/alerts from there, and you access the management GUI through there.  The 'backplane' access is only for sniffing.

> Second, does failover work (ASAs are
> in active/standby)?

The SSMs are NOT integrated into failover at all.  If you have SSMs in both ASAs, you have to manage them separately (unless you have the Ci$co $ecurity Manager package) and it's up to you to keep them in sync in terms of image/signatures/configuration.  If you tweak any signatures, disable alerts, change actions, add filters, etc to one, you have to get the changes over to the other one.  It doesn't happen automatically.

> I have connecting the mgmt gige to the network... but no luck pinging or
> opening a web browser to it...

You'll have to configure it first from the ASA system context.

> http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps4077/products_installation_guide_chapter09186a008055fc75.html

Jeff



More information about the cisco-nsp mailing list