ASA 5520 in IPS Inline mode

Unanswered Question
Dec 3rd, 2007

I want to configure my ASA 5520 for IPS inline mode. Please help me to do so in ASDM mode.

umedryk Tue, 12/11/2007 - 06:29

The inline and promiscuous keywords control the operating mode of the AIP SSM. The fail-close and fail-open keywords control how the adaptive security appliance treats traffic when the AIP SSM is unavailable. For more information about the operating modes and failure behavior.

The AIP SSM can operate in one of two modes, as follows:

• Inline mode: Places the AIP SSM directly in the traffic flow. No traffic can continue through the adaptive security appliance without first passing through, and being inspected by, the AIP SSM. This mode is the most secure because every packet is analyzed before being allowed through. Also, the AIP SSM can implement a blocking policy on a packet-by-packet basis. This mode, however, can affect throughput. You specify this mode with the inline keyword of the ips command.

• Promiscuous mode: Sends a duplicate stream of traffic to the AIP SSM. This mode is less secure, but has little impact on traffic throughput. Unlike operation in inline mode, the SSM operating in promiscuous mode can only block traffic by instructing the adaptive security appliance to shun the traffic or by resetting a connection on the adaptive security appliance. Also, while the AIP SSM is analyzing the traffic, a small amount of traffic might pass through the adaptive security appliance before the AIP SSM can block it. You specify this mode with the inline keyword of the ips command.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ssm.html
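
An added example, not part of the original reply or of Cisco's documentation: a short Python check that reads ASA running-config text and reports, for each policy-map class, which `ips` mode and failure keyword is set. The sample configuration and its class and policy names are constructed for illustration.

```python
import re

# Constructed sample of ASA running-config text (names are hypothetical).
SAMPLE_CONFIG = """\
class-map ips-dmz
 match access-list DMZ-TRAFFIC
class-map ips-inside
 match any
policy-map global_policy
 class ips-dmz
  ips inline fail-close
 class ips-inside
  ips promiscuous fail-open
 class inspection_default
  inspect dns
service-policy global_policy global
"""

IPS_RE = re.compile(r"^ips\s+(inline|promiscuous)\s+(fail-open|fail-close)\b")

def audit_ips(config_text):
    """Map (policy, class) -> (mode, failure keyword), or None if no ips command."""
    results, policy, cls = {}, None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():            # a top-level command resets the context
            parts = line.split()
            policy = parts[1] if parts[0] == "policy-map" and len(parts) > 1 else None
            cls = None
        elif policy and line.startswith("class "):
            cls = line.split()[1]
            results[(policy, cls)] = None
        elif policy and cls:
            m = IPS_RE.match(line)
            if m:
                results[(policy, cls)] = m.groups()
    return results

def notes(setting):
    """Explain what a class's ips setting means for inspection coverage."""
    if setting is None:
        return ["no ips command: class traffic is not sent to the AIP SSM"]
    mode, fail = setting
    out = []
    if mode == "promiscuous":
        out.append("promiscuous: SSM sees a copy; blocking relies on shun or reset")
    if fail == "fail-open":
        out.append("fail-open: traffic passes uninspected while the SSM is unavailable")
    return out
```
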
