AIP-SSM outside inside dmz

Unanswered Question
Jul 15th, 2009
User Badges:


I'm reviewing the situation next three traffic zones outside, inside, DMZ,

service-policy xxxx-policy interface outside

service-policy xxxx-policy interface inside

service-policy xxxx-policy interface dmz_stgo

and I need to lower the level of examination but only in one area, which is the area inside,

such outside high-DMZ

DMZ-outside high

inside low-DMZ

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
rhermes Wed, 07/15/2009 - 14:14
User Badges:
  • Gold, 750 points or more

Please give us some additional detail on whatyou mean by "lower the level of examination" on one of your interfaces. Did you want to apply a subset of the signatures? (then you'd go down the virtual sensor path) Or, did you want to filter the IP addresses/port reaching the sensor on that interface? (then you'd adjust the class-map ACL)

alexispino Wed, 07/15/2009 - 14:48
User Badges:

ok I have a situation where some companies want to change but the signatures are applied only to traffic from inside to DMZ

and the class-map

access-list xxxx permit ip any any


This Discussion