ASA 5505 IPS/IDS Module

Anup Sasikumar
Level 1

Hi Experts,

Can you please give me an idea about what this IPS/IDS module for ASA 5505 is?

How much does it cost? How do I install it and configure it to work with ASA 5505?

We also have a few site to site VPN setup from ASA 5505. Would this affect it in some way?

Many Thanks,

Anup

Regards,
Anup
rhermes
Level 7

The SSC-5 module is a small (and I mean it has HALF the RAM of a regular IPS Sensor) IPS Sensor module that fits inside the ASA5505 chassis. Because of the limited heat dissipation abilities of the ASA5505, they couldn't afford to give it more RAM. Here is the spec sheet on it:

http://www.cisco.com/en/US/partner/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-528621.html

The SSC-5 module has its own processor and (IPS) OS, so it should not affect the VPN features you use in your ASA today. Here is how to install it:

http://www.cisco.com/en/US/partner/docs/security/ips/6.2/installation/guide/hw_installing_ssc.html

And how to configure it:

http://www.cisco.com/en/US/partner/docs/security/ips/6.2/configuration/guide/cli/cli_ssc.html

- Bob

Hi Bob,

Thank you for providing the information. But I am unable to view them as I don't have a partner privilege Cisco ID!

Would I have to change the current internet connection from ASA outside interface to some port on the IDS/IPS module?

I have also heard IDS/IPS won't be able to detect threats on encrypted traffic like VPN traffic and VPNs will have to be terminated before the IDS/IPS module. Can you also please provide your thoughts on this?

Thanks,

Anup

Regards,
Anup

Anup -

You should be able to find the links I provided for you with a general search on Cisco's website for "ssc-5" and "installation" and "configure".

No, you would still have the ASA terminate the Internet access. You want to have the SSC-5 (IPS) module monitor the INSIDE interfaces, (you always want to perform IDS/IPS on the inside of a firewall). This way you will see the traffic after it has been decrypted on your VPN and after the traffic has been filtered by your firewall rules.

- Bob
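
An added illustration, not part of the original thread or of Cisco's documentation, of how an ASA hands traffic on the inside interface to the IPS module through a service policy, so the module inspects it after VPN decryption and firewall filtering. The ACL, class-map and policy-map names and the interface name `inside` are assumptions.

```cisco
! Constructed example. IPS_TRAFFIC, ips_class, ips_policy and the
! interface name "inside" are assumed names, not taken from the thread.

! Select the traffic the module should inspect (here: all IP traffic).
access-list IPS_TRAFFIC extended permit ip any any

class-map ips_class
 match access-list IPS_TRAFFIC

policy-map ips_policy
 class ips_class
  ! inline      : the module sits in the packet path and can drop traffic (IPS).
  ! promiscuous : the module only receives a copy of the traffic (IDS).
  ! fail-open   : matched traffic keeps flowing if the module is down.
  ! fail-close  : matched traffic is blocked if the module is down.
  ips inline fail-open

! Apply on the inside interface only. The ASA still terminates the Internet
! connection and the site-to-site VPNs on its outside interface.
service-policy ips_policy interface inside
```

Choosing `fail-open` versus `fail-close` decides whether a module failure costs inspection coverage or connectivity for the matched traffic, including traffic arriving over the site-to-site tunnels.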

Hi Bob,

Thank you so much for briefing me on IPS/IDS module. It was indeed helpful. I think I now have an idea about it to get it started off and implement it in our network.

Regards,

Anup

Regards,
Anup