- #CONFIGURE CISCO ASA AIP SSM 10 FOR CISCO ASA 5520 HOW TO#
- #CONFIGURE CISCO ASA AIP SSM 10 FOR CISCO ASA 5520 SERIES#
Unlike operation in inline mode, the SSM operating in promiscuous mode can only block traffic by instructing the adaptive security appliance to shun the traffic or by resetting a connection on the adaptive security appliance. This mode is less secure, but has little impact on traffic throughput. Promiscuous mode-Sends a duplicate stream of traffic to the AIP SSM.You specify this mode with the inline keyword of the ips command. This mode, however, can affect throughput. Also, the AIP SSM can implement a blocking policy on a packet-by-packet basis. This mode is the most secure because every packet is analyzed before being allowed through. No traffic can continue through the adaptive security appliance without first passing through, and being inspected by, the AIP SSM. Inline mode-Places the AIP SSM directly in the traffic flow.The AIP SSM can operate in one of two modes, as follows: For example, packets that are blocked by an access list are not forwarded to the AIP SSM. The adaptive security appliance diverts packets to the AIP SSM just before the packet exits the egress interface (or before VPN encryption occurs, if configured) and after other firewall policies are applied.
#CONFIGURE CISCO ASA AIP SSM 10 FOR CISCO ASA 5520 SERIES#
The ASA 5500 series adaptive security appliance supports the AIP SSM, which runs advanced IPS software that provides further security inspection. Sessioning to the AIP SSM and Running Setup About the AIP SSM.This section contains the following topics: Transferring an Image onto an SSM Managing the AIP SSM.This chapter includes the following sections: Note The Cisco PIX 500 series security appliances cannot support SSMs.
#CONFIGURE CISCO ASA AIP SSM 10 FOR CISCO ASA 5520 HOW TO#
This chapter describes how to configure the adaptive security appliance to support an AIP SSM or a CSC SSM, including how to send traffic to these SSMs.įor information about the 4GE SSM for the ASA 5000 series adaptive security appliance, see Chapter 5 "Configuring Ethernet Settings and Subinterfaces". The Cisco ASA 5500 series adaptive security appliance supports a variety of SSMs.