How to identifiy AIP-SSM-10 ot CSC-SSM-10 do I have ?

Similar Messages

• MARS and AIP-SSM

  I am working on a MARS appliance and have devices reporting to it. I also have an ASA with the AIP-SSM installed. I have added the ASA and AIP to MARS and from MARS I can SSH to the AIP module. But If I run a report I do not see anything coming from teh AIP module. I can SSH to the SIP from MARS and run the "show events" and I see events. Any ideas on why I will not be seeing those events in MARS? The AIP is running 6.0.3 S315, MARS is running 4.3.2(2627) S315. Thank you, James

  In order to get events in MARS for any Cisco IDS/IPS sensor you will need to create a "Viewer" account on the sensor for MARS to login and grab them. You will also need to configure MARS to be able to SSH to the sensor as well. To test the SSH you can SSH to MARS and then SSH out to the sensor.
  ssh "username"@"ip_address_sensor"

• How to buy license? for AIP-SSM-10 ?

  Hi all
  how to buy license? for AIP-SSM-10 ?
  1. CON-SU1-AS1A1PK9 this is Cisco SMARTnet Support for AIP-SSM-10
  2. do I need smartnet for ASA ?
  3. what is part number of license ?
  ASA5510test# session 1
  Opening command session with slot 1.
  Connected to slot 1. Escape character sequence is 'CTRL-^X'.
  login: cisco
  Password:
  ***NOTICE***
  This product contains cryptographic features and is subject to United States
  and local country laws governing import, export, transfer and use. Delivery
  of Cisco cryptographic products does not imply third-party authority to import,
  export, distribute or use encryption. Importers, exporters, distributors and
  users are responsible for compliance with U.S. and local country laws. By using
  this product you agree to comply with applicable laws and regulations. If you
  are unable to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  ***LICENSE NOTICE***
  There is no license key installed on the SSM-IPS10.
  The system will continue to operate with the currently installed
  signature set.  A valid license must be obtained in order to apply
  signature updates.  Please go to http://www.cisco.com/go/license
  to obtain a new license or install a license.
  sensor#
  sensor# sh ver
  Application Partition:
  Cisco Intrusion Prevention System, Version 6.0(6)E3
  Host:
      Realm Keys          key1.0
  Signature Definition:
      Signature Update    S399.0                   2009-05-06
      Virus Update        V1.4                     2007-03-02
  OS Version:             2.4.30-IDS-smp-bigphys
  Platform:               ASA-SSM-10
  Serial Number:          ........
  No license present
  Sensor up-time is 21 min.
  Using 655507456 out of 1032499200 bytes of available memory (63% usage)
  application-data is using 39.7M out of 166.8M bytes of available disk space (25%
  usage)
  boot is using 37.6M out of 68.6M bytes of available disk space (58% usage)
  MainApp          N-NUBRA_2009_JUL_15_01_10_6_0_5_57   (Ipsbuild)   2009-07-15T01
  :15:08-0500   Running
  AnalysisEngine   N-NUBRA_2009_JUL_15_01_10_6_0_5_57   (Ipsbuild)   2009-07-15T01
  :15:08-0500   Running
  CLI              N-NUBRA_2009_JUL_15_01_10_6_0_5_57   (Ipsbuild)   2009-07-15T01
  :15:08-0500
  Upgrade History:
    IPS-K9-6.0-6-E3   17:48:06 UTC Wed Jul 15 2009
  Recovery Partition Version 1.1 - 6.0(6)E3
  sensor#

  Hi,
  CON-SU1-AS2A10K9 contract if for ASA+IPS bundle. If AIP-SSM-10 ws purchased as a spare the contract would be CON-SU1-ASIP10K9.
  I am not sure whether or not this Cisco Service for IPS contract can be  used to cover just the AIP-SSM-10 if it was purchased as part of a  Bundle instead of a Spare.
  I would recommend that you check with your Cisco reseller or Cisco  Sales Representative.
  Sourav

• How to block p2p applications(Bittorent like) with AIP-SSM-10?

  Hi,
  How to block p2p application using AIP-SSM-10 working with ASA5520?AIP is on promiscuous mode.
  Thanks,
  Siva

  There are several signatures that detect p2p, for bit torrent there is 11020.0
  Yahoo triggers: 5539.0, 11200.0, 11212.0, 11217.0 & 11219.0
  etc..
  Some are disabled by default though so please ensure you enable the ones that you need.
  If you want to block these then you will have to use event actions that work in promiscuous setup for example request block connection and tcp reset. Please note that care must be taken when using these event actions.
  For more information about the event actions please refer the link below:
  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/idmguide/dmevtrul.htm#wp1069467

• How to generate license for AIP-SSM without PAK-number?

  Hello! I’m sorry for my English. I have a problem with generating license for AIP-SSM. My contract with SMARTnet service is activated, but I don’t have a PAK-number. How I can generate a license for updating my module?

  Alternatively you can always write an email to [email protected] with your serial number and they should be able to provide you the license for any cisco device.
  Sachin

• How ASA forwarding traffic to AIP-SSM

  Hi All,
  Can someone help how ASA device forwarding traffic to AIP-SSM? I'm not taking abt Configuration part like Class-map, policy-map and service policy....want to understand the traffic flow from ASA once traffic matched with ACL to AIP-SSM.
  From one of Cisoc document, understood that the module using a Cisco Propietary protocol for communicating with ASA appliance.
  ================================================================================================================
  FYR from Cisco Website:
  Q. How does the Cisco ASA AIP-SSM plug into and communicate with the appliance?
  A. The Cisco ASA AIP-SSM plugs directly into the SSM slot in the Cisco ASA appliance's chassis. This provides a direct connection to the appliance's backplane. Once the module is installed, a proprietary protocol runs over the bus and controls data flow and messaging between the module and appliance.
  ================================================================================================================
  Regards,
  S.Vinoth

  Hey ,
  as you mentioned above , it uses a cisco Probietary protocol for that communication , there are two interfaces , control channel and data channnel , data channel is where the traffic being forwarded , the backplane is the connection between the ASA and the IPS interface .
  Hope that this helps .
  Mohammad.

• Is there any architectural difference between CSC-SSM and AIP-SSM modules

  Hello security gurus!
  I'm wondering if there's any chance to make Content security module (CSC-SSM) work as IPS (AIP-SSM). It seems to me they are absolutely identical in terms of hardware. Is there any chance to make CSC-SSM boot with the flash from AIP-SSM and have the ASA recognize it as an IPS module ?
  Eugene

  Zheka,
  This is not recommended and you will loose support, these are different devices designed for different purposes, you will also have issues with the license, I have seen it one once, and the customer did it by mistake, the module eventually crashed and we had to add the proper image.
  Regards,
  Felipe.

• AIP-SSM How to Verify Traffic is being passed for inspection?

  "show conf" command on my AIP SSM CLI. gigabitEthernet0/1 backplane interface of the SSM has not been assigned to virtual sensor vs0.but
  Through this command show service-policy
  traffic is recevied by IPS Module.why this,
  Kindly guide me

  Thanks,i got it.
  Cinet-IPS1# show statistics virtual-sensor
  Virtual Sensor Statistics
  Statistics for Virtual Sensor vs0
  Name of current Signature-Defintion instance = sig0
  Name of current Event-Action-Rules instance = rules0
  List of interfaces monitored by this virtual sensor = GigabitEthernet0/1 subinterface 0
  General Statistics for this Virtual Sensor
  Number of seconds since a reset of the statistics = 434653
  SensorApp Memory Use Percentage = 33
  Processing Load Percentage = 1
  Total packets processed since reset = 1722
  Total IP packets processed since reset = 1722
  Total IPv4 packets processed since reset = 1722
  Total IPv6 packets processed since reset = 0
  Total IPv6 AH packets processed since reset = 0
  Total IPv6 ESP packets processed since reset = 0
  Total IPv6 Fragment packets processed since reset = 0
  Total IPv6 Routing Header packets processed since reset = 0
  Total IPv6 ICMP packets processed since reset = 0
  Total packets that were not IP processed since reset = 0
  Total TCP packets processed since reset = 1466
  Total UDP packets processed since reset = 0
  Total ICMP packets processed since reset = 256
  Total packets that were not TCP, UDP, or ICMP processed since reset = 0
  Total ARP packets processed since reset = 0

• Password Reset for AIP-SSM 10

  Hi,
  i have an ASA5520 with v 7.2(2) running.
  but the IPS module spftware is 5.1
  when i tried to login to the > session 1
  it prompts me for a login and password.
  i tried cisco and a few other combinations.. but no luck ,,
  how do i reset it ?? also that reset procedure on the docs says its resets password or the user cisco ..
  how can i be sure if the user cisco even exists on it or not ?
  any help please ???

  no man it doesnt ..
  the link u specified says it too..
  hw-module module slot_number password-reset?This command recovers a password on a Cisco ASA 5500 Series Content Security and Control Security Services Module (CSC-SSM) or the AIP-SSM without having to re-image the device.
  Note: This command starts support from IPS 6.0 (ASA 7.2 version) and is used to restore the Cisco CLI account password to the default cisco
  hers my ASA and IPS details..
  ASA# sh version
  Cisco Adaptive Security Appliance Software Version 7.2(2)
  Device Manager Version 5.2(2)
  Compiled on Wed 22-Nov-06 14:16 by builders
  System image file is "disk0:/asa722-k8.bin"
  Config file at boot was "startup-config"
  ASA up 22 days 3 hours
  Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
  ASA# sh module 1
  Mod Card Type Model Serial No.
  1 ASA5500 SSM-10 ASA-SSM-10 B155670DW4
  Mod MAC Add Range Hw Ver. Fw Ver. Sw Ver.
  1 00xx to 001 1.0 1.0(10)0 5.0(2)S152.0
  Mod SSM Apps. Name Status SSM Apps Version
  1 IPS Up 5.0(2)S152.0
  Mod Status Data Plane Status Compatibility
  1 Up Up

• Using ASA5510 AIP-SSM in IDS mode

  Hi,
  I' ve a Cisco ASA5510 with  AIP-SSM and I wold like to use it like a one-armed IDS for connect them to a span port of a switch in my network,
  without the traffic passing through the Firewall.
  I've try to configure it and connect the interface inside (fast0/1) to the span port, I create the policy for permit  all the traffic to the  Sensor but it doesn't work, no packet recived on sensor.
  somebody can help me?
  thanks

  Unfortunately you can't use the AIP-SSM in an ASA with a spanning switch like you could with the 4200 series appliances.
  The reason is that the ASA was built to be a firewall, and no matter how much of that functionality you turn off, it still needs to see TCP and UDP conversations flowing thru the ASA in order to pass that traffic to the AIP-SSM sensor (I tired very hard to see if I could get around this limitation, but you can't).
  The best you can hope to do is put the ASA in-line (I know this reduces reliability) and turn off as much of the firewall configs you can. Then you can promisciously monitor the traffic passing thru teh ASA with teh AIP-SSM.
  It's not ideal, but it's the cheapest IPS sensor in Cisco's line up right now.
  - Bob

• Sync configs between AIP-SSMs

  We have a pair of ASA 5520s in active/stanby mode. This part of the situation works great, configurations are always synced to the standby, nothing is lost. Planned failover has worked every time without users even noticing.
  We have an AIP-SSM-20 in each.
  The challenge arises as it seems there is still no easy and automatic way to sync the configuration of the SSMs together.
  Due to all the false positives, we need to perform configurations on the AIP-SSMs. Is there a method I am overlooking, how do you do it?
  Thanks.

  Thanks for your reply. I've gotten back on this subject....
  Does this run as a service, like it is running all the time and needs to be installed on a system which is always up, or does this run as an application only as needed.
  Based on the requirements, I can not tell. It can run on desktop OSes or Server OSes.
  "Hard Drive
  • 100 GB
  Memory (RAM)
  • 2 GB
  Supported Operating Systems
  • Windows Vista Business and Ultimate (32-bit only)
  • Windows XP Professional (32-bit only)
  • Windows 2003 server
  Note: Cisco IPS Manager Express supports only the 32-bit U.S. English version of Windows."
  100GB for an application, seems rather hefty to me. Is this for real?
  Thanks

• Signature Updates for AIP-SSM 10

  Hi all how can i obtain Signature Updates for AIP-SSM 10 where i am having 60 day trial license with me

  Here is the main file download page for the IPS sensors.
  Find the section for the version you are running and click on the Latest Signature Updates link to take to you to the download page for signature updates.
  You can then download which ever signature update you want.
  NOTE1: Each Signature Updates contains all signatures from previous Sig levels. So you only need to download the latest one.
  NOTE2: Each signature update has a specific E (Engine) level requirement. You can execute "show ver" on your sensor to determine if it is at an E1 or E2 level. If it is at E1 and you want the latest sigs that require E2 then you will first need to install the E2 upgrade.
  On that main download page look for the "Latest Upgrades" link for your version, and look for the IPS-engine-E2-req-X.X-X.pkg file where the X.X-X matches your sensor version.
  If there is not an X.X-X matching your sensor version, then you may need to upgrade the software version for your sensor as well.
  NOTE3: Many of these links will also require an account on cisco.com. And for some of these files that account may also need to be verified for being from a country where the USA's export restrictions allow downloads for encryption. (Most countries qualify but you do have to go through that qualification step). It has been over 10 years that I have had do this so I am not sure of the latest procedures for getting an account or validating it for encrpytion downloads.

• Configuring SNMP Trap receiver on AIP-SSM sensor

  I receive the following error message from my ASA5520 firewall when attempting to forward SNMP traps from my AIP-SSM20 sensor to a server on my Inside interface that is configured to receive SNMP traps:
  ASA-4-418001: Through-the-device packet to/from management-only network is denied: udp src management: 10.3.21.2/32768 dst Inside: PPC0ES/162
  Can I reconfigure the management IP address of the AIP-SSM sensor to connect to the Inside interface instead of the management vlan or does my SNMP server have to reside on the management vlan with the sensor?

  Hi Subodh,
  Yes, the AIP-SSM can operate in either inline (IPS) or promiscuous (IDS) mode. I would recommend you start by reviewing the following config guide, which shows you how to configure the ASA to pass traffic to the SSM for inspection:
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml
  If you have any other specific questions, feel free to post back.
  Hope that helps.
  -Mike

• AIP-SSM (Not Applicable)

  Hi Experts,
               We have 2ASA and each one have AIP-SSM,with 2nd ASA AIP-SSM I tried to upload latest image for AIP-SSM 20 but didnt worked and now i see module is dead...pls check the detials below.....pls help me out how to make it up or work properly so that i can config other stuff.Pls its very imp and urgent help me out....
  ASA-A:
  251-DBSi-ASA5540# sh module 1
  Mod Card Type                                    Model              Serial No.
    1 ASA 5500 Series Security Services Module-20  ASA-SSM-20         JAF11370608
  Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
    1 0007.0e11.e13b to 0007.0e11.e13b  1.0          1.0(11)2     5.1(6)E1
  Mod SSM Application Name           Status           SSM Application Version
    1 IPS                            Up               5.1(6)E1
  Mod Status             Data Plane Status     Compatibility
    1 Up                 Up
  ASA-B:
  251-DBSi-ASA5540# sh module 1
  Mod Card Type                                    Model              Serial No.
    1 ASA 5500 Series Security Services Module-20  ASA-SSM-20         JAF1137060C
  Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
  1 001d.4524.a414 to 001d.4524.a414  1.0          1.0(11)2     5.1(6)E1
  Mod SSM Application Name           Status           SSM Application Version
    1 IPS                            Not Applicable   5.1(6)E1
  Mod Status             Data Plane Status     Compatibility
    1 Recover            Not Applicable

  Please try rebooting the module, if it does not work recovery it using the following procedure
  http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/cliimage.html#wpxref68481
  Regards
  Farrukh

• Configuring AIP-SSM modelue

  hi,
  we have AIP-SSM-40 modeule installed on ASA 5540 but it is just physically present.
  Is it possible to configure to this modeule in inline or like IDS mode? It has only one Ethernet interface. Can this interface be treated as sensor interface and mark a copy of all incoming frames on this interface ( by SPA on switches ).
  Please share the experience.
  Thanks in advance.
  Subodh

  Hi Subodh,
  Yes, the AIP-SSM can operate in either inline (IPS) or promiscuous (IDS) mode. I would recommend you start by reviewing the following config guide, which shows you how to configure the ASA to pass traffic to the SSM for inspection:
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml
  If you have any other specific questions, feel free to post back.
  Hope that helps.
  -Mike