Diverting Traffic to AIP-SSM

Unanswered Question

I'm a little on the new end of all of this so bear with me. I hope I'm in the right forum.

I have an ASA 5510 with an AIP-SSM-10 card that I am configuring for a customer. Everything is up and running except for the diversion of traffic to the AIP. I know that I need an access list to do that but I want to EXCLUDE VPN traffic when I divert. In other word I want the AIP to inspect everything except ipsec. I'm having trouble understanding how to use an access list for everything except VPN traffic. Any help would be greatly appreciated.

Thanks

Brad

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Brad -

The access list is quite easy. First, you would put your exceptions using deny statements. Next, you would make permits for the traffic you want inspected. Here is an example..

access-list AIP extended deny ip 172.16.1.0 255.255.255.0 any

access-list AIP extended deny ip any 172.16.1.0 255.255.255.0

access-list AIP extended permit ip any any

In this example, the VPN traffic is the 172.16.1.0/245 network. This can be a local range or the ip pool's range.

Please rate helpful posts.

Jay

Actions

This Discussion