All IPS platforms allow ten concurrent CLI sessions. 5% to 95%, noncondensing

Transcription

1 CHAPTER 6 All IPS platforms allow ten concurrent CLI sessions. This chapter describes how to install AIP-SSC-5 in the Cisco ASA 5505 adaptive security appliance. It contains the following sections: Specifications, page 6-1 Hardware and Software Requirements, page 6-1 Indicators, page 6-2 Installation and Removal Instructions, page 6-2 Specifications Table 6-1 lists the specifications for AIP-SSC-5: Table 6-1 AIP-SSC-5 Specifications Specification Dimensions (H x W x D) Weight Operating temperature Nonoperating temperature Humidity Description.68 x 3.55 x 5.20 inches.42 lb +32 to +104 F (+0 to +40 C) 13 to +158 F ( 25 to +70 C) 5% to 95%, noncondensing Hardware and Software Requirements AIP-SSC-5 has the following hardware and software requirements: Cisco ASA 5505 adaptive security appliance Cisco Adaptive Security Appliance Software 8.2 or later Cisco Intrusion Prevention System Software 6.2(1)E3 or later DES or 3DES-enabled 6-1

2 Indicators Chapter 6 Indicators Figure 6-1 shows the AIP-SSC-5 indicator. Figure 6-1 AIP-SSC-5 Indicator 1 Cisco ASA SSC-05 STATUS Table 6-2 describes the AIP-SSC-5 indicator. Table 6-2 AIP-SSC-5 Indicator LED Color State Description 1 STATUS Green Flashing AIP-SSC-5 is booting. AIP-SSC-5 is correctly installed. Solid AIP-SSC-5 has passed power-on diagnostics. Amber Solid AIP-SSC-5 encountered an error during boot up. Installation and Removal Instructions Caution Before installing or replacing AIP-SSC-5 in the Cisco ASA 5505 adaptive security appliance, refer to Regulatory Compliance and Safety Information for the Cisco ASA 5500 Series Adaptive Security Appliance. This section describes how to install and remove AIP-SSC-5, and contains the following topics:, page 6-2 Verifying the Status of AIP-SSC-5, page 6-4 Removing AIP-SSC-5, page 6-5 To install AIP-SSC-5 for the first time, follow these steps: Step 1 Power off the Cisco ASA 5505 adaptive security appliance. The Cisco ASA 5505 adaptive security appliance does not have a power switch. To power it off, disconnect the power connector of the power supply input cable from the electrical outlet. Step 2 Locate the grounding strap from the accessory kit and fasten it to your wrist so that it contacts your bare skin. Attach the other end to the chassis. 6-2

3 Chapter 6 Installation and Removal Instructions Step 3 Remove the two screws at the left back end of the chassis, and remove the slot cover. POWER 48VDC Security Services Card Slot 7 POWER over ETHERNET Console RESET Store the slot cover in a safe place for future use. You must install slot covers on all empty slots. This prevents EMI, which can disrupt other equipment. Step 4 Insert AIP-SSC-5 through the slot opening. POWER 48VDC Security Services Card Slot Console 7 POWER over ETHERNET C i sc o A S A S S C -05 S U S 1 T A T 2 RESET Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Attach the screws to secure AIP-SSC-5 to the chassis. Power on the Cisco ASA 5505 adaptive security appliance by connecting the power connector of the power supply input cable to an electrical outlet. Check the indicators. If AIP-SSC-5 is properly installed, the STATUS indicator flashes green. You can also verify that AIP-SSC-5 has come online using the show module 1 command. Initialize AIP-SSC-5. Install the most recent Cisco IPS software. Configure AIP-SSC-5 to receive IPS traffic. For More Information For information about ESD, which can cause damage equipment and impair electrical circuitry, see Working in an ESD Environment, page For the procedure for verifying that AIP-SSC-5 is properly installed, see Verifying the Status of AIP-SSC-5, page 6-4. For the procedure for using the setup command to initialize AIP-SSC-5, see Advanced Setup for AIP-SSM, page

4 Installation and Removal Instructions Chapter 6 For the procedure for obtaining the latest Cisco IPS software, see Obtaining Cisco IPS Software, page For the procedure for configuring AIP-SSC-5 to receive IPS traffic, refer to Configuring AIP-SSC-5. For the procedure for using HTTPS to log in to IDM, refer to Logging In to IDM. Verifying the Status of AIP-SSC-5 You can use the show module 1 command to verify that AIP-SSC-5 is up and running. The following values are valid for the Status field: Initializing AIP-SSC-5 is being detected and the control communication is being initialized by the system. Up AIP-SSC-5 has completed initialization by the system. Unresponsive The system encountered an error communicating with AIP-SSC-5. Reloading AIP-SSC-5 is reloading. Shutting Down AIP-SSC-5 is shutting down. Down AIP-SSC-5 is shut down. Recover AIP-SSC-5 is attempting to download a recovery image. To verify the status of AIP-SSC-5, follow these steps: Step 1 Step 2 Log in to the Cisco ASA 5505 adaptive security appliance. Verify the status of AIP-SSC-5: asa# show module 1 Mod Card Type Model Serial No ASA 5500 Series AIP Security Services Card-5 ASA-SSC-AIP-5 JAF1243BMCE Mod MAC Address Range Hw Version Fw Version Sw Version bfe.5106 to bfe (15)5 6.2(1)E3 Mod SSC Application Name Status SSC Application Version IPS Up 6.2(1)E3 Mod Status Data Plane Status Compatibility Up Up asa# Step 3 To see details of AIP-SSC-5: asa# show module 1 details Getting details from the Service Module, please wait... ASA 5500 Series AIP Security Services Card-5 Model: ASA-SSC-AIP-5 Hardware version: 1.0 Serial Number: JAF1243BMCE Firmware version: 1.0(15)5 Software version: 6.2(1)E3 MAC Address Range: bfe.5106 to bfe.5106 App. name: IPS 6-4

5 Chapter 6 Installation and Removal Instructions App. Status: Up App. Status Desc: App. version: 6.2(1)E3 Data plane Status: Up Status: Up Mgmt IP addr: Mgmt Network mask: Mgmt Gateway: Mgmt VLAN: 214 Mgmt Access List: /8 Mgmt Access List: /8 Mgmt web ports: 443 Mgmt TLS enabled: true asa# If the status reads Up, AIP-SSC-5 has been properly installed. Removing AIP-SSC-5 To remove AIP-SSC-5 from the Cisco ASA 5505 adaptive security appliance, follow these steps: Step 1 Step 2 Step 3 Step 4 Shut down AIP-SSC-5: asa# hw-module module 1 shutdown Shutdown module in slot 1? [confirm] Press Enter to confirm. Verify that AIP-SSC-5 is shut down by checking the indicators. Power off the Cisco ASA 5505 adaptive security appliance The Cisco ASA 5505 adaptive security appliance does not have a power switch. To power it off, disconnect the power connector of the power supply input cable from the electrical outlet. Step 5 Step 6 Step 7 Locate the grounding strap from the accessory kit and fasten it to your wrist so that it contacts your bare skin. Attach the other end to the chassis. Remove the two screws at the left back end of the chassis. Remove AIP-SSC-5 and set it aside. If you are not replacing AIP-SSC-5 immediately, install the blank slot cover. Slot covers must cover all empty slots. This prevents EMI from disrupting other equipment. Step 8 If you need to replace the existing AIP-SSC-5, insert the new AIP-SSC-5 through the slot opening. Do not replace AIP-SSC-5 with a different model. The the Cisco ASA 5505 adaptive security appliance will not recognize it. Step 9 Attach the screws to secure AIP-SSC-5 to the chassis. 6-5

6 Installation and Removal Instructions Chapter 6 Step 10 Step 11 Power on the Cisco ASA 5505 adaptive security appliance by connecting the power connector of the power supply input cable to an electrical outlet. Reset AIP-SSC-5: asa# hw-module module 1 reset Reset module in slot 1? [confirm] Step 12 Step 13 Press Enter to confirm. Check the indicators to see if AIP-SSC-5 is properly installed. If AIP-SSC-5 is properly installed, the STATUS indicator flashes green. Or you can verify installation using the show module 1command. For More Information For more information on ESD, which can cause damage equipment and impair electrical circuitry, see Working in an ESD Environment, page For the procedure for verifying whether AIP-SSC-5 is properly installed, see Verifying the Status of AIP-SSC-5, page