×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ASA CSC-SSM set up

Unanswered Question

OK, might be a dumb question but wanted to know when setting up the CSC SSM network module and management interface if I will need to have a seperate VLAn set up for the management network to be able to have my traffic scanned by the CSC device and to log in to the management port for ADSM log in? In looking at documentation I don't see anything saying I do but if I have a seperate management network I am guessing that I will need to?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
gfullage Mon, 06/19/2006 - 18:58
User Badges:
  • Cisco Employee,

The management port on the ASA is simply treated like any other port, in that it has to be on it's own subnet (and therefore it's own VLAN). The only difference with the management port is that it does not pass traffic through the ASA, so it is not used for standard traffic, only to-the-box traffic.


You don't actually have to use it for ASDM though, you can simply not configure it and then ASDM to your inside/dmz/outside interface address. The management interface is simply there for customers who like a completely separate network/interface for management purposes, but if you don't have that then don't use it (or set it up as another DMZ if you like).


As for the CSC-SSM, not sure what you're asking. The port on the back of the SSM is for the management of the SSM module, yes. This can be a unique subnet/vlan again, or you can give it the same subnet address as say, your inside interface on the ASA. Then the cables from the SSM and the inside interface simply plug back into the same switch.


Treat the cabling and addressing of the SSM as a completely separate device to the ASA, so the two devices can be on the same subnet or different, and the cables from the SSM and the ASA can go into the same switch or different.


Note that for the CSC-SSM to get updates of new viruses/etc, it will try and connect to Trned's web site via its own management port (the one on the back of the SSM module itself), so you need to make sure it has Internet access.


Hope that helps.

Actions

This Discussion