Unanswered Question
May 29th, 2008

We've got an ASA 5510 and we're moving to get all our remote users on the SSL/VPN option with this.

However, we'd like to be protected 100% from any remote client that manages to get themselves a virus before connecting to us remotely.

I've been reading on both the AIP and CSC SSM's, but I can't quite distinguish the difference between them. It sounds like they both scan for viruses and other malicious traffic. What's the difference of the two?

Also, we use an internal Trend Micro proxy server for scanning our users internet traffic. It sound like one of these modules (or maybe both can) actually take over this role. Can someone who is using this virus scanning/url-blocking feature on the asa give me an idea on how detail rich the configuration options are? Is it very basic, just plug it in and one simple configuration, or is there a plethora of options for detailed configuration?

Thanks for any info!

(I'm still reading so hopefully I'll have a good grasp on this here soon)

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
robertblasey Fri, 05/30/2008 - 05:49

Hi Snooter,

The CSC Module is a small TrendMicro Appliance that scans your Http (and Email?) traffic inline. This appliance might save you a proxy server. The AIP-SSM is a full blown Intrusion Prevention System that monitors the firewall traffic via its IPS signatures. You should have additional monitoring or correlation software (like Cisco MARS or Prelude/Prewikka) to help you manage and interpret your IPS data.




This Discussion