ASA 5505 IPS/IDS Module

Answered Question
Feb 21st, 2012

Hi Experts,

Can you please give me an idea about what this IPS/IDS module for ASA 5505 is?

How much does it cost? How do I install it and configure it to work with ASA 5505?

We also have a few site-to-site VPNs set up from the ASA 5505. Would this affect it in some way?

Many thanks,

Anup

rhermes Tue, 02/21/2012 - 14:38

The SSC-5 module is a small (and I mean it has HALF the RAM of a regular IPS Sensor) IPS Sensor module that fits inside the ASA5505 chassis. Because of the limited heat dissipation abilities of the ASA5505, they couldn't afford to give it more RAM. Here is the spec sheet on it:

http://www.cisco.com/en/US/partner/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-528621.html

The SSC-5 module has its own processor and (IPS) OS, so it should not affect the VPN features you use in your ASA today. Here is how to install it:

http://www.cisco.com/en/US/partner/docs/security/ips/6.2/installation/guide/hw_installing_ssc.html

And how to configure it:

http://www.cisco.com/en/US/partner/docs/security/ips/6.2/configuration/guide/cli/cli_ssc.html

- Bob

anupsasikumar Wed, 02/22/2012 - 13:10

Hi Bob,

Thank you for providing the information. But I am unable to view them as I don't have a partner privilege Cisco ID!

Would I have to change the current internet connection from ASA outside interface to some port on the IDS/IPS module?

I have also heard IDS/IPS won't be able to detect threats on encrypted traffic like VPN traffic and VPNs will have to be terminated before the IDS/IPS module. Can you also please provide your thoughts on this?

Thanks,

Anup

Correct Answer
rhermes Wed, 02/22/2012 - 19:30

Anup -

You should be able to find the links I provided for you with a general search on Cisco's website for "ssc-5" and "installation" and "configure".

No, you would still have the ASA terminate the Internet access. You want to have the SSC-5 (IPS) module monitor the INSIDE interfaces (you always want to perform IDS/IPS on the inside of a firewall). This way you will see the traffic after it has been decrypted on your VPN and after the traffic has been filtered by your firewall rules.

- Bob
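What the ASA side of the arrangement described above can look like, as an added example that is not part of the reply or of Cisco's documentation: the ASA keeps terminating the Internet link and the VPN tunnels, and a service policy on the inside interface hands the already-decrypted, already-filtered traffic to the module. The ACL, class-map and policy-map names are made up, and the use of VLAN 1 named `inside` as the module's management VLAN is an assumption about the site.

```cisco
! Added example; IPS-TRAFFIC, IPS-CLASS and IPS-POLICY are hypothetical names.

! ASA 5505: allow the SSC's management address to live in the inside VLAN
! (assumed here to be VLAN 1, named "inside").
interface Vlan1
 nameif inside
 security-level 100
 allow-ssc-mgmt

! Select the traffic to be inspected. "ip any any" inspects everything;
! narrow this if the half-size sensor cannot keep up.
access-list IPS-TRAFFIC extended permit ip any any

class-map IPS-CLASS
 match access-list IPS-TRAFFIC

policy-map IPS-POLICY
 class IPS-CLASS
  ! promiscuous: the module receives a copy of the traffic (IDS behaviour).
  ! inline:      the traffic itself passes through the module (IPS behaviour).
  ! fail-open:   keep forwarding if the module is down.
  ! fail-close:  drop the matched traffic if the module is down.
  ips promiscuous fail-open

! Bind the policy to the inside interface only. The outside interface and the
! site-to-site VPN configuration are left untouched.
service-policy IPS-POLICY interface inside
```

Starting in promiscuous mode with fail-open lets you watch what the sensor alerts on before switching to `ips inline`, where a false positive drops production traffic.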

anupsasikumar Thu, 02/23/2012 - 18:14

Hi Bob,

Thank you so much for briefing me on IPS/IDS module. It was indeed helpful. I think I now have an idea about it to get it started off and implement it in our network.

Regards,

Anup

Posted February 21, 2012 at 12:29 AM
Tags: asa_5505, ips, ids