The Cisco IPS 4240 is a little too expensive and has too much "horse power" for our needs. I know I can connect the AIP-SSM to our ASA 5510 to scan traffic going through the ASA. What if I have my core router on our internal network send all traffic from all nodes to the ASA as the next hop for review by the AIP-SSM instead of sending the traffic directly to the internal destination? Is this recommended? Will it work? Have you tried it?