Configuring AIP-SSM module

Unanswered Question
Aug 20th, 2009

hi,

We have an AIP-SSM-40 module installed on an ASA 5540, but it is just physically present.

Is it possible to configure this module in inline or like IDS mode? It has only one Ethernet interface. Can this interface be treated as a sensor interface and mark a copy of all incoming frames on this interface (by SPA on switches)?

Please share the experience.

Thanks in advance.

Subodh

robertson.michael Fri, 08/21/2009 - 10:08

Hi Subodh,

Yes, the AIP-SSM can operate in either inline (IPS) or promiscuous (IDS) mode. I would recommend you start by reviewing the following config guide, which shows you how to configure the ASA to pass traffic to the SSM for inspection:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml

If you have any other specific questions, feel free to post back.

Hope that helps.

-Mike

The interface on the SSM module is ONLY for management, NOT for inspection. You must configure through the ASA the basic information for this interface (IP, Gateway), then you can manage the SSM module remotely through IMIE or your favorite management tool. The SSM acts just like an external IPS system, but the ASA will send the traffic to/from (inline or promiscuous). The document from the other post is good information.
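
The traffic redirection described in the replies above, as an added example that is not from the thread or the linked Cisco guide: a minimal ASA Modular Policy Framework configuration that hands traffic to the AIP-SSM over the backplane. The names IPS_TRAFFIC and IPS_CLASS are assumed for illustration, and `global_policy` is assumed to be the ASA's default global policy map.

```cisco
! Added example; object names are assumptions, not values from the thread.

! 1. Select the traffic the AIP-SSM should inspect.
!    "any any" sends everything; narrow the ACL to limit sensor load.
access-list IPS_TRAFFIC extended permit ip any any

! 2. Bind that ACL to a class map.
class-map IPS_CLASS
 match access-list IPS_TRAFFIC

! 3. In the policy map, choose the operating mode for that class.
!    inline      = IPS: packets pass through the sensor, which can drop them.
!    promiscuous = IDS: the ASA sends the sensor a copy; the original packet
!                  is forwarded without waiting for the sensor's verdict.
!    fail-open   = keep forwarding traffic if the module is unavailable.
!    fail-close  = block matching traffic if the module is unavailable.
policy-map global_policy
 class IPS_CLASS
  ips inline fail-open
! For IDS-style operation, use this line in place of the one above:
!  ips promiscuous fail-open

! 4. Apply the policy globally (already present in a default configuration).
service-policy global_policy global

! 5. Check that the module is up before relying on inspection.
! show module 1 details
```

No SPAN port or sensing cable is involved: the ASA delivers the selected traffic to the module internally, and the module's Ethernet port stays a management interface.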
