Cisco 5510 Getting Started Guide - Page 176
allocate-ips, default, Step 3
UPC - 882658094767
View all Cisco 5510 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 176 highlights
Configuring the AIP SSM Chapter 13 Configuring the AIP SSM Step 3 Step 4 assigned to the context. If you specify a sensor name that does not yet exist on the AIP SSM, you get an error, but the allocate-ips command is entered as is. Until you create a sensor of that name on the AIP SSM, the context assumes the sensor is down. Use the mapped_name argument as an alias for the sensor name that can be used within the context instead of the actual sensor name. If you do not specify a mapped name, the sensor name is used within the context. For security purposes, you might not want the context administrator to know which sensors are being used by the context. Or you might want to genericize the context configuration. For example, if you want all contexts to use sensors called "sensor1" and "sensor2," then you can map the "highsec" and "lowsec" senors to sensor1 and sensor2 in context A, but map the "medsec" and "lowsec" sensors to sensor1 and sensor2 in context B. The default keyword sets one sensor per context as the default sensor; if the context configuration does not specify a sensor name, the context uses this default sensor. You can only configure one default sensor per context. If you want to change the default sensor, enter the no allocate-ips sensor_name command to remove the current default sensor before you allocate a new default sensor. If you do not specify a sensor as the default, and the context configuration does not include a sensor name, then traffic uses the default sensor on the AIP SSM. Repeat Step 1 and Step 2 for each context. To configure the context IPS policy, change to the context execution space using the following command: hostname(config-ctx)# changeto context context_name where the context_name argument is the name of the context you want to configure. Change to each context to configure the IPS security policy as described in "Diverting Traffic to the AIP SSM" section on page 13-11. The following example assigns sensor1 and sensor2 to context A, and sensor1 and sensor3 to context B. Both contexts map the sensor names to "ips1" and "ips2." In context A, sensor1 is set as the default sensor, but in context B, no default is set so the default that is configured on the AIP SSM is used. hostname(config-ctx)# context A hostname(config-ctx)# allocate-interface gigabitethernet0/0.100 int1 hostname(config-ctx)# allocate-interface gigabitethernet0/0.102 int2 13-10 Cisco ASA 5500 Series Getting Started Guide 78-19186-01