Query on SSM (as IPS) on ASA (5505/5510/5520)

Unanswered Question
Mar 19th, 2009

Hi All,

I have an ASA terminating the VPN clients (remote access or L2L VPN). If I have an SSM installed on the ASA (to act as IPS), will this ASA successfully be able to perform real-time spam/virus filtering even for the encrypted traffic that is coming through the remote client VPN or a client via L2L VPN? If so, is any special license also needed for the ASA?

Thank you in advance

MS

bnidacoc Fri, 03/20/2009 - 10:32

I would suspect the module would analyze it, because it is my experience that inbound traffic on an interface is decrypted, then ACLs are applied on the decrypted traffic. And as people here have said that the IPS works post-ACL, I believe that inbound traffic is processed like this: decryption -> access control -> inspection.

However, you mention spam, and I am not sure if you are talking about the IPS modules, as I had thought they did not prevent spam, although they could prevent some malicious attachments.
