Cisco 5510 Getting Started Guide - Page 177
Diverting Traffic to the AIP SSM
UPC - 882658094767
View all Cisco 5510 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 177 highlights
Chapter 13 Configuring the AIP SSM Configuring the AIP SSM hostname(config-ctx)# allocate-interface gigabitethernet0/0.110-gigabitethernet0/0.115 int3-int8 hostname(config-ctx)# allocate-ips sensor1 ips1 default hostname(config-ctx)# allocate-ips sensor2 ips2 hostname(config-ctx)# config-url ftp://user1:[email protected]/configlets/test.cfg hostname(config-ctx)# member gold hostname(config-ctx)# context sample hostname(config-ctx)# allocate-interface gigabitethernet0/1.200 int1 hostname(config-ctx)# allocate-interface gigabitethernet0/1.212 int2 hostname(config-ctx)# allocate-interface gigabitethernet0/1.230-gigabitethernet0/1.235 int3-int8 hostname(config-ctx)# allocate-ips sensor1 ips1 hostname(config-ctx)# allocate-ips sensor3 ips2 hostname(config-ctx)# config-url ftp://user1:[email protected]/configlets/sample.cfg hostname(config-ctx)# member silver hostname(config-ctx)# changeto context A ... Diverting Traffic to the AIP SSM To identify traffic to divert from the adaptive adaptive security appliance to the AIP SSM, perform the following steps. In multiple context mode, perform these steps in each context execution space. Step 1 To identify the traffic that you want to be inspected by the AIP SSM, add one or more class maps using the class-map command. For example, you can match all traffic using the following commands: hostname(config)# class-map IPS hostname(config-cmap)# match any To match specific traffic, you can match an access list: hostname(config)# access list IPS extended permit ip any 10.1.1.1 255.255.255.255 hostname(config)# class-map IPS hostname(config-cmap)# match access-list IPS 78-19186-01 Cisco ASA 5500 Series Getting Started Guide 13-11