Virtual Sensor - ASA AIP-SSM

 

The AIP-SSM module has some limitations:

  • Normalization is done by ASA instead of IPS module
  • Does not support TCP tracking mode
 
The default virtual sensor is vs0 and cannot be deleted. The only things you can change are:
  • Description
  • Anomaly detection
  • Interface list (add/remove backplane interface)
 
 ADDING NEW SENSOR
 
 

(config)# service analysis-engine

(config-ana)# virtual-sensor danpol

(config-ana-vir)# signature-definition sig0

(config-ana-vir)# exit

Now we have to remove the sensor interface from the default vs0 so that we can add it to our new virtual sensor.

(config-ana)# virtual-sensor vs0

(config-ana-vir)# no physical-interface GigabitEthernet0/1

(config-ana-vir)# exit

(config-ana)# virtual-sensor danpol

(config-ana-vir)# description Company inline sensor

(config-ana-vir)# physical-interface GigabitEthernet0/1

(config-ana-vir)# exit

We have now added the inline sensor interface Gi0/1 to the new virtual sensor "danpol".

(config-ana)# global-parameters

(config-ana-glo)# ip-logging

(config-ana-glo-ip)# max-open-iplog-files 50

(config-ana-glo-ip)# exit

(config-ana-glo)# exit

(config-ana)# exit

Apply Changes?[yes]: yes
Warning: change to max-open-iplog-files will take effect after next restart
Warning: The node must be rebooted for the changes to go into effect.
Continue with reboot? [yes]: yes

 

dzbanek 2013-03-02
