ASA 5510 with AIP-SSM

Unanswered Question
Jul 24th, 2007

We are planning to deploy ASA 5510 with AIP-SSM in Transparent mode between VPN device and our internal firewall.

The Outside interface of ASA would be directly connected to Inside interface of VPN device.

The Inside interface of ASA would not be directly connected to Internal Firewall and would be connected through a L2 Switch.

Both the internal firewall interface and ASA inside interface would be in the same VLAN(for eg. VLAN 200) in that L2 switch.

Can anyone confirm if this design is feasible and that ASA would still act in inline mode and does traffic inspection using AIP module without any bottlenecks.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
tahequivoice Tue, 07/24/2007 - 08:07

I believe you want the traffic to pass through the ASA-IPS. If it isn't passing through it, it cant inspect it. What you described above doesn't document your traffic flow. The physical connections OTOH don't matter, what matters is how the traffic is flowing.


This Discussion