Management only interface
The Cisco ASA can mark an interface as management-only. You have to disable this setting on the interface the IPS connects to so that the IPS can get global correlation updates.
interface vlan 10
 description management
 no management-only
The management-only command denies traffic that is not destined to the ASA itself, so an IPS connected to a management-only interface will never get updates from the internet.
The ASA5505 lets you restrict the conditions under which traffic is NAT-ed. For the IPS to receive global correlation updates, the ASA has to allow the destination ports for DNS, HTTP and HTTPS.
object network IPS
 host 192.168.100.1
 description IPS MANAGEMENT IP ADDRESS
object service https
 service tcp destination eq https
object service http
 service tcp destination eq www
! The "dns" service object used by the last NAT rule is not defined in the
! original listing; UDP port 53 is assumed here.
object service dns
 service udp destination eq domain
object network GOOGLE_PRI_DNS
 host 18.104.22.168
 description GOOGLE PRIMARY DNS
object network GOOGLE_SEC_DNS
 host 22.214.171.124
 description GOOGLE SECONDARY DNS
object-group network PUBLIC_DNS
 description PUBLIC DNS SERVERS
 network-object object GOOGLE_PRI_DNS
 network-object object GOOGLE_SEC_DNS
nat (management,outside) source dynamic IPS interface service https https
nat (management,outside) source dynamic IPS interface service http http
nat (management,outside) source dynamic IPS interface service dns dns
The NAT configuration translates the IPS IP address into the outside interface IP address only when the source condition and one of the service conditions below are met:
1. The source IP address belongs to the IPS.
2. The IPS is requesting DNS.
3. The IPS is requesting HTTP/HTTPS.
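To check that the rules match only the intended flows, the ASA's packet-tracer can simulate traffic from the IPS address. This is an added example, not part of the original post; 203.0.113.10 is a placeholder destination, 1025 is an arbitrary source port, and the interface name "management" is taken from the NAT rules above.

```cisco
! Confirm the three service-restricted NAT rules are installed.
! Hit counters should increase as the IPS requests updates.
show run nat
show nat detail

! HTTPS from the IPS: the NAT phase of the output should list
! "nat (management,outside) source dynamic IPS interface service https https".
packet-tracer input management tcp 192.168.100.1 1025 203.0.113.10 443 detailed

! HTTP from the IPS: should match the "service http http" rule.
packet-tracer input management tcp 192.168.100.1 1025 203.0.113.10 80 detailed

! DNS from the IPS (UDP/53 assumed): should match the "service dns dns" rule.
packet-tracer input management udp 192.168.100.1 1025 203.0.113.10 53 detailed

! Negative check: SSH from the IPS is not covered by any of the three rules,
! so none of them should appear in the NAT phase for this flow.
packet-tracer input management tcp 192.168.100.1 1025 203.0.113.10 22 detailed

! After the IPS has attempted an update, list the live translations
! created for its address.
show xlate local 192.168.100.1
```

If the HTTPS, HTTP or DNS trace ends in a drop, the phase that reports the drop (access list, NAT or routing) shows which part of the configuration still blocks the update traffic.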
Successful global correlation updates
You need an IPS license in order to get global correlation updates.