Solved: AIP-SSM interface

uthayaman · ‎03-17-2010

What does the interface configuration in AIP-SSM indicates ?

If this indicates that the traffics of this interface will be monitored, then what is the purpose of diverting traffic from asa though policy command.

Jennifer Halim · ‎03-22-2010

Thanks, hope i've answered your questions.

View solution in original post

Jennifer Halim · ‎03-17-2010

The external interface of the AIP-SSM module is purely for management (Command and Control interface). You would need to connect that to your network so you can manage the module (IDM).

uthayaman · ‎03-22-2010

I understood the AIP-SSM mgmt interface ip configuration.In the setup mode when we configure the aip ssm what does the below option represent.

Modify interface/virtual sensor configuration?[no]: yes

Current interface configuration

 Command control: Management0/0

 Unassigned:

  Monitored:

   GigabitEthernet0/1

 Virtual Sensor: vs0

  Anomaly Detection: ad0

  Event Action Rules: rules0

  Signature Definitions: sig0

  [1] Edit Interface Configuration

  [2] Edit Virtual Sensor Configuration

  [3] Display configuration

Option:

Jennifer Halim · ‎03-22-2010

That is the command and control interface, ie: for management of the module (the ip address that you would https/IDM to).

Gig0/1 is the sensing interface, which is connected internally at the backplane of the ASA.

uthayaman · ‎03-22-2010

Here , the monitored interface represent my ASA's physical interfaces ?

If i have four physical interface on my ASA, whether i need to include all the inteface under this monitored option ?

Jennifer Halim · ‎03-22-2010

No, the module is independant of the ASA as far as management/monitoring is concern. The interface is the physical interface on the module itself, not any of the interfaces of the ASA.

Here is the hardware visual of the SSM module where the physical interface is:

http://www.cisco.com/en/US/docs/security/asa/asa82/getting_started/asa5500/quick/guide/opt_card.html#wp1035895

uthayaman · ‎03-22-2010

Thx for the reply....

In which cases i have to change the interface settings.

Jennifer Halim · ‎03-22-2010

Thanks, hope i've answered your questions.

uthayaman · ‎03-22-2010

under which condition i need to change this interface configuration, if this gig interface is the internal one.

Jennifer Halim · ‎03-22-2010

Unfortunately for the AIP-SSM module, you are not able to change any of the interfaces.

uthayaman · ‎03-22-2010

But i got the option to add interface while configuring aip-ssm.Since i was not clear i didnt make a

ny change and came out of the configuration.

Jennifer Halim · ‎03-22-2010

Because you choose "yes" to modify the configuration while going through the process:

Modify interface/virtual sensor configuration?[no]: yes

You can modify the management interface, ie: unassign it, and modify the sensing interface settings. However, you can not swap, or delete those interfaces.

uthayaman · ‎03-22-2010

Thanks for your valuble time!!!

Yes!!!

I did the same what you have mentioned.What will happen if i change the se

nsing interface(adding three sensing interfaces).Will it affect any performance.

Jennifer Halim · ‎03-22-2010

Unfortunately you can't add anymore sensing interfaces on the AIP module. There is only 1 (gig0/1) of the module which is connected through the backplane of the ASA.

Here is how you configure traffic to be redirected towards the module from the ASA:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml

Note: You can only direct traffic to be inspected by the AIP module from the ASA. There is no other way.

uthayaman · ‎03-22-2010

Thanks for the clarification...

I will re do the configuration and let you know.