outside network ANY
inside network 192.168.1.0
How can I simulate the work of the AIP-SSM as if it were behind the firewall?
access-list test extended permit ip any 192.168.1.0 255.255.255.0
match access-group name test
ips inline fail-open
Waiting for any comments.
My expertise is in the IPS and not the firewall. My knowledge of the firewall is fairly limited to what it takes to get packets to the SSM.
So I am not sure which ACLs are applied before decryption or after decryption.
If you want to know at what stage the ACLs are applied you would need to post a message on the firewall forum.
I was just trying to show that all firewall features (whatever they may be) would be done on the packet before sending to the SSM with the exception of encryption and final transmission.