CISCO ASA AIP-SSM 7.0 - Basic Sensor Configuration

 

HOSTNAME

  • go to host configuration mode

(config)# service host
(config-hos)# network-settings

(config-hos-net)# host-name Sensor1

(config-hos-net)# exit

(config-hos)# exit
Apply Changes?[yes]: yes


NETWORK SETTINGS

 

  • go to host configuration mode

(config)# service host
(config-hos)# network-settings
(config-hos-net)# host-ip 149.121.230.251/24,149.121.230.4
pl-cisco-ips-2(config-hos-net)# exit
pl-cisco-ips-2(config-hos)# exit
Apply Changes?[yes]: yes



REMOTE ACCESS - enable telnet (SSH is enabled by default)


Telnet is disabled by default, and leaving it disabled is the recommended configuration.

  • go to host configuration mode

(config)# service host

(config-hos)# network-settings

(config-hos-net)# telnet-option enabled
(config-hos-net)# exit
(config-hos)# exit
Apply Changes?[yes]: yes


BANNER

  • go to host configuration mode

(config)# service host

(config-hos)# network-settings

(config-hos-net)# login-banner-text Welcome on danpol.net IPS sensor.If you are not authorized disconnect immediately.
(config-hos-net)# exit
(config-hos)# exit
Apply Changes?[yes]: yes

 


TRUSTED HOSTS


  • go to host configuration mode

(config)# service host

(config-hos)# network-settings
(config-hos-net)# access-list 149.121.230.0/24
(config-hos-net)# access-list 195.177.84.45/32
(config-hos-net)# exit
(config-hos)# exit
Apply Changes?[yes]: yes

This is the list of hosts allowed to connect to the sensor for management purposes.


NTP

(config)# service host

(config-hos)# ntp-option enabled-ntp-unauthenticated

(config-hos-ena)# ntp-server 149.121.230.38

(config-hos-ena)# exit

(config-hos)# exit

 

There is also an option to use authenticated NTP.
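An added example, not part of the original page: a Python check that reads a pasted CLI transcript in the format used above and reports the management settings from the REMOTE ACCESS, TRUSTED HOSTS and NTP sections that weaken the sensor (telnet enabled, access-list entries wider than a chosen prefix, unauthenticated NTP). The function name, the /24 threshold and the sample transcript are assumptions made for illustration.

```python
import ipaddress
import re

# Matches an optional hostname plus the "(config-...)#" prompt of a pasted CLI line.
PROMPT = re.compile(r"^\s*\S*\(config[^)]*\)#\s*")

def audit_transcript(text, min_prefix=24):
    """Return (setting, detail) findings; min_prefix is an assumed policy threshold."""
    last = {}       # last value seen for single-valued options (later lines win)
    findings = []
    for raw in text.splitlines():
        if not PROMPT.match(raw):
            continue                    # "Apply Changes?" answers, blank lines
        cmd = PROMPT.sub("", raw).split()
        if len(cmd) < 2:
            continue                    # "exit", "network-settings", ...
        if cmd[0] in ("telnet-option", "ntp-option"):
            last[cmd[0]] = cmd[1]
        elif cmd[0] == "access-list":
            try:
                net = ipaddress.ip_network(cmd[1], strict=False)
            except ValueError:
                findings.append(("access-list", f"unparseable entry {cmd[1]}"))
                continue
            if net.prefixlen < min_prefix:
                findings.append(("access-list", f"{net} is wider than /{min_prefix}"))
    if last.get("telnet-option") == "enabled":
        findings.append(("telnet", "telnet enabled; logins cross the network in cleartext"))
    if last.get("ntp-option") == "enabled-ntp-unauthenticated":
        findings.append(("ntp", "NTP is unauthenticated; the time source is not verified"))
    return findings

# Constructed sample: the page's commands plus one deliberately wide entry (10.0.0.0/8).
SAMPLE = """\
(config)# service host
(config-hos-net)# telnet-option enabled
(config-hos-net)# access-list 149.121.230.0/24
(config-hos-net)# access-list 195.177.84.45/32
(config-hos-net)# access-list 10.0.0.0/8
pl-cisco-ips-2(config-hos-net)# exit
(config-hos)# ntp-option enabled-ntp-unauthenticated
Apply Changes?[yes]: yes
"""

if __name__ == "__main__":
    for setting, detail in audit_transcript(SAMPLE):
        print(f"{setting}: {detail}")
```

Accurate sensor time matters because event timestamps are what you correlate against other logs, which is why the NTP setting is included in the check.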


DST

  • go to host configuration mode

(config)# service host

(config-hos)# summertime-option recurring

(config-hos-rec)# offset 60

(config-hos-rec)# summertime-zone-name Katowice,PL

(config-hos-rec)# start-summertime

(config-hos-rec-sta)# day-of-week sunday

(config-hos-rec-sta)# week-of-month last

(config-hos-rec-sta)# month march

(config-hos-rec-sta)# time-of-day 01:00

(config-hos-rec-sta)# exit

(config-hos-rec)# end-summertime

(config-hos-rec-end)# day-of-week sunday

(config-hos-rec-end)# week-of-month last

(config-hos-rec-end)# time-of-day 01:00

(config-hos-rec-end)# exit

(config-hos-rec)# exit

(config-hos)# exit

Apply Changes?[yes]: yes

Warning: Reboot is required before the configuration change will take effect
Warning: The node must be rebooted for the changes to go into effect.
Continue with reboot? [yes]:yes

 

WEB-SERVER

The default settings are good and there is no need to change them. It is, however, possible to change the port on which the server listens, disable encryption (TLS), and configure the server-id.

 

OBTAINING LICENSE

  • in IDM (GUI) go to Configuration - Sensor Management - Licensing
  • click "Update License" and enter a valid CCO user name and password

To obtain a license you must have a valid contract for the IPS.


AUTO-UPGRADE

 

(config)# service host

(config-hos)# auto-upgrade

(config-hos-aut)# cisco-server enabled

(config-hos-aut-ena)# user-name your_CCO_user

(config-hos-aut-ena)# password
Enter password[]: *************
Re-enter password: *************

(config-hos-aut-ena)# schedule-option calendar-schedule

(config-hos-aut-ena-cal)# days-of-week saturday

(config-hos-aut-ena-cal)# times-of-day 19:50

(config-hos-aut-ena-cal)# exit

(config-hos-aut-ena)# exit

(config-hos-aut)# exit

(config-hos)# exit

Apply Changes?[yes]: yes

Please configure the auto-upgrade schedule carefully to avoid performance problems.

 ------------------------------------------

Signature Definition:
Signature Update S480.0 2010-03-24

 

Broadcast Message from root@Sensor1
(somewhere) at 19:50 ...

Applying update IPS-sig-S699-req-E4

 

Broadcast Message from root@Sensor1
(somewhere) at 20:15 ...

Update complete

 

Signature Definition:
Signature Update S699.0 2013-02-27

 ------------------------------------------

dzbanek 2013-03-01
