I want to configure a new ASA 5510 with an SSM module to carry out IPS/IDS across a trunk.
At present, SSL traffic comes in from the internet through an external firewall, down through a web switch to a CSS where the SSL terminates. The traffic is then load balanced to a number of webservers, all of which are connected to the same web switch. This is probably better explained in the attached diagram.
Ideally I would like to place the ASA (with SSM module) between the web switch and the CSS (on the trunk link in the diagram) and have it carry out IDS/IPS on two VLANs (carrying the unencrypted traffic) and not carry out IDS on the encrypted traffic, although if needs be I can just tune out alerts for the encrypted traffic.
Is it possible to do this with the ASA in transparent mode, using Inline VLAN pairs?
Thanks in advance,