We have been using a PIX 515E and an external Smartfilter server for URL filtering for many years. Works well but we would like to add IDS capability. The way to go for that seems to be to get a ASA 5510 with AIP module. Can anyone confirm whether we can continue to use the URL FILTER command (with Smartfilter specifed as the vendor and pointed at the IP address of the Smarfilter server) as we are doing on the PIX? Cisco sales tells me that I need a CSC module to do this which means I can't have an AIP module but the way I read it that appears to be only if you are using the CSC's URL database (user count subscription) to do the filtering. We don't want to. We have 3 years left on our Smartfilter contract. I just talked to someone who owns an ASA 5510 without a CSC module and he sucessfully entered a URL FILTER command in his ASA just like you would on a PIX. Why wouldn't that work?
I have this problem too.