Cisco Support Community
Community Member

Cisco ASA AIP SSM module signatures

Hello,

Does anyone know whether an AIP SSM installed in a Cisco ASA can have traffic from all the ports redirected to it for inspection (inside, dmz, outside)?

Recently one of our machines on the inside network got infected with malware and it started an SSH brute-force attack on random hosts on the internet. I would like to find out, if I had an AIP SSM on my ASA, whether it would be able to detect such attacks/traffic types from the inside interface and inform me or give an indication that some host on the inside network is infected?

Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions

Cisco ASA AIP SSM module signatures

Hello,

Does anyone know whether an AIP SSM installed in a Cisco ASA can have traffic from all the ports redirected to it for inspection (inside, dmz, outside)?

A/ Yes. You will need to select which traffic to send to the IPS module; usually you will see an access list matching all traffic (permit ip any any, so all traffic from all the interfaces will be inspected).

Recently one of our machines on the inside network got infected with malware and it started an SSH brute-force attack on random hosts on the internet. I would like to find out, if I had an AIP SSM on my ASA, whether it would be able to detect such attacks/traffic types from the inside interface and inform me or give an indication that some host on the inside network is infected?

A/ The IPS module will be able to inspect that traffic and, based on its signatures or on the behavior of the host, detect the attack and, depending on its configuration (inline or promiscuous mode), it will drop the packet immediately.

Regards,

Julio

Do rate all the helpful posts!!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
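
The redirection described in the answer above, as an added example that is not part of the original thread: an ASA Modular Policy Framework fragment that sends all IP traffic to the AIP SSM. The names `IPS_ALL` and `IPS_CLASS` are hypothetical; `global_policy` is the ASA's default policy map.

```cisco
! Hypothetical names: IPS_ALL (access list), IPS_CLASS (class map).
! Match every IP flow, as the answer's "permit ip any any" does.
access-list IPS_ALL extended permit ip any any
!
class-map IPS_CLASS
 match access-list IPS_ALL
!
! global_policy is applied globally, so flows entering any interface
! (inside, dmz, outside) are handed to the module.
policy-map global_policy
 class IPS_CLASS
  ! Option 1, inline: the module sits in the forwarding path.
  ! fail-open keeps passing matched traffic if the module is down;
  ! fail-close blocks matched traffic instead.
  ips inline fail-open
  ! Option 2, promiscuous: the module inspects a copy of each packet.
  ! Use this line in place of the one above:
  ! ips promiscuous fail-open
!
service-policy global_policy global
```

`show service-policy` on the ASA then reports the IPS mode and packet counters for the class, which confirms that traffic is reaching the module.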
2 REPLIES

Community Member

Cisco ASA AIP SSM module signatures

Thanks Julio!
