1. Can I use the default virtual sensor vs0 for the incoming traffic on all the interfaces.
2. How can I allocate interfaces to the AIP-SSM module.
3. How can I allocate interafces to the IDSM module.
I am assuming that the interfaces assigned are the ones on which inline inspection is performed.
The AIP-SSM does not have 'both' of these modes. This is only valid for sensors/IDSM AFAIK.
The AIP is 'internally connected' to the ASA and has only two deployment modes available instead of three, here is a brief description from CCO:
#Is the AIP-SSM module to function or be deployed in promiscuous or inline mode?
* Promiscuous mode means that a copy of the data is sent to the AIP-SSM while the ASA forwards the original data on to the destination. The AIP-SSM in promiscuous mode can be considered to be an intrusion detection system (IDS). In this mode, the trigger packet (the packet that causes the alarm) can still reach the destination. Shunning can take place and stop additional packets from reaching the destination, however the trigger packet is not stopped.
* Inline mode means that the ASA forwards the data to the AIP-SSM for inspection. If the data passes AIP-SSM inspection, the data returns to the ASA in order to continue being processed and sent to the destination. The AIP-SSM in inline mode can be considered to be an intrusion prevention system (IPS). Unlike promiscuous mode, inline mode (IPS) can actually stop the trigger packet from reaching the destination.