In my last post I explored the use of ASDM-IDM Demo mode as both a tutorial and study tool for the ASA Security Appliance certification exams. After exploring the embedded IPS Device Manager (IDM) demo, I felt it worthwhile to discuss it here as it is another excellent tool to help prepare an administrator to configure the AIP-SSM (Advanced Intrusion Prevention Security Service Module) for the ASA.
The IDM component of the demo software is launched using the following screen:
When I launched this application for the first time, I received the following error after selecting the Intrusion Prevention tab:
What is interesting here is that the “Help” button doesn’t really help! It only offers a pop-up window suggesting the Java Control panel be used with a run-time setting of -Xmx256m, a configuration string often needed with the old stand-alone version of IDM. After doing some digging (thank you, Google!), I was able to find a Cisco Support Community post, which pointed me to the ASDM Launcher config file, typically found in the Program Files\Cisco Systems\ASDM folder and named asdm-launcher.config.
The config file is set to read-only, so you need to remove this attribute before modification and restore it afterward. After removing the read-only attribute for this file, I increased the lines marked -Xms and -Xmx to 256m and 512m, respectively, as recommended in the post. Once modified, the IPS Device Manager initial screen is displayed (after logging in with the Cisco account and Cisco password):
What is displayed here is NOT what I expected; the model of IPS seen in the upper left-hand corner is a 4255 instead of an AIP-SSM. As you can see in the following screen shot, the simulation of the interface is impressive, allowing for the examination of detailed signature and alerting properties. To get to the IDM configuration area, you need to click on the IPS shield icon after selecting the Configuration main menu area.
Most of the core IPS functionality is possible using this simulated interface: adjusting signature parameters, launching the custom signature creating wizard, and even manually setting up the anomaly detection histograms.
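The launcher config change described earlier (clear read-only, raise -Xms and -Xmx, restore read-only), as an added PowerShell example that is not from the original post or from Cisco. It assumes each heap setting sits on its own line as -Xms<size> or -Xmx<size>, builds the default path from the folder the post names, and needs an elevated prompt to write under Program Files.

```powershell
# Added example: adjust the JVM heap lines in asdm-launcher.config.
# Assumption: the file holds one launcher argument per line, e.g. "-Xms64m".
param(
    [string]$ConfigPath = (Join-Path $env:ProgramFiles 'Cisco Systems\ASDM\asdm-launcher.config'),
    [ValidatePattern('^\d+[kKmMgG]$')][string]$InitialHeap = '256m',
    [ValidatePattern('^\d+[kKmMgG]$')][string]$MaxHeap     = '512m'
)

$ErrorActionPreference = 'Stop'

$file        = Get-Item -LiteralPath $ConfigPath
$wasReadOnly = $file.IsReadOnly          # remember the original attribute

# Keep an untouched copy next to the original before changing anything.
Copy-Item -LiteralPath $ConfigPath -Destination "$ConfigPath.bak" -Force

try {
    # Step 1: clear read-only so the file can be rewritten.
    $file.IsReadOnly = $false

    # Step 2: rewrite only the two heap lines, leave every other line as-is.
    $updated = @(Get-Content -LiteralPath $ConfigPath | ForEach-Object {
        if     ($_ -match '^\s*-Xms\d+[kKmMgG]?\s*$') { "-Xms$InitialHeap" }
        elseif ($_ -match '^\s*-Xmx\d+[kKmMgG]?\s*$') { "-Xmx$MaxHeap" }
        else                                          { $_ }
    })

    # Refuse to write if the expected lines were not found (layout assumption wrong).
    if (-not ($updated -contains "-Xms$InitialHeap") -or
        -not ($updated -contains "-Xmx$MaxHeap")) {
        throw "No -Xms/-Xmx lines found in $ConfigPath; file left unchanged."
    }

    Set-Content -LiteralPath $ConfigPath -Value $updated -Encoding Ascii
}
finally {
    # Step 3: put the read-only attribute back, even if the edit failed.
    (Get-Item -LiteralPath $ConfigPath).IsReadOnly = $wasReadOnly
}

# Show the resulting heap settings and attribute for a quick visual check.
Select-String -LiteralPath $ConfigPath -Pattern '^-Xm[sx]' | ForEach-Object { $_.Line }
"ReadOnly: $((Get-Item -LiteralPath $ConfigPath).IsReadOnly)"
```

If the launcher misbehaves afterward, copy asdm-launcher.config.bak back over the config file to return to the original settings.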