Diverting Traffic to AIP-SSM

Unanswered Question

I'm a little on the new end of all of this so bear with me. I hope I'm in the right forum.

I have an ASA 5510 with an AIP-SSM-10 card that I am configuring for a customer. Everything is up and running except for the diversion of traffic to the AIP. I know that I need an access list to do that but I want to EXCLUDE VPN traffic when I divert. In other word I want the AIP to inspect everything except ipsec. I'm having trouble understanding how to use an access list for everything except VPN traffic. Any help would be greatly appreciated.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

Brad -

The access list is quite easy. First, you would put your exceptions using deny statements. Next, you would make permits for the traffic you want inspected. Here is an example..

access-list AIP extended deny ip any

access-list AIP extended deny ip any

access-list AIP extended permit ip any any

In this example, the VPN traffic is the network. This can be a local range or the ip pool's range.

Please rate helpful posts.



This Discussion