AIP-SSM outside inside dmz

Unanswered Question
Jul 15th, 2009


I'm reviewing the situation next three traffic zones outside, inside, DMZ,

service-policy xxxx-policy interface outside

service-policy xxxx-policy interface inside

service-policy xxxx-policy interface dmz_stgo

and I need to lower the level of examination but only in one area, which is the area inside,

such outside high-DMZ

DMZ-outside high

inside low-DMZ

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
rhermes Wed, 07/15/2009 - 14:14

Please give us some additional detail on whatyou mean by "lower the level of examination" on one of your interfaces. Did you want to apply a subset of the signatures? (then you'd go down the virtual sensor path) Or, did you want to filter the IP addresses/port reaching the sensor on that interface? (then you'd adjust the class-map ACL)

alexispino Wed, 07/15/2009 - 14:48

ok I have a situation where some companies want to change but the signatures are applied only to traffic from inside to DMZ

and the class-map

access-list xxxx permit ip any any


This Discussion