11-03-2008 11:02 AM - edited 03-10-2019 04:21 AM
Hi all,
I am looking at implementing an ASA system for multiple branches (17) in a client site.
I know that the ASA 5510 can have the AIP-SSM module installed, where the 5505 cannot. I want to be able to offer firewall, an IPSEC VPN back to the hub site and IPS in a promiscuous mode. I believe the ASA 5510 w/ AIP-SSM can do this.
I would ideally place the ASA at the ingress point to the branch office to monitor traffic coming into the branch office and use RSPAN to forward all traffic from a sensitive VLAN mirrored to a capture port on the ASA. I'm assuming this can be done, but I would like to make sure.
So, in a nutshell, can the ASA act as a border firewall AND be used to perform IPS functionality on an RSPAN port, where the 4 switches (4 different closets) forward all traffic via the RSPAN port into the ASA AIP-SSM card?
Thanks.
11-03-2008 11:15 AM
no
11-03-2008 11:33 AM
Why not!? I have used an ASA as a fw, VPN termination and IPS device no problem....
Dazzler
11-03-2008 11:35 AM
Hang on, have re-read the post. I think I know where you are coming from, there is no promiscuous port to SPAN to. You can however use IPS on traffic passing through the firewall....
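To make the point in the reply above concrete, here is an added ASA configuration example (not posted by anyone in this thread) showing how the AIP-SSM actually receives traffic: the ASA's Modular Policy Framework hands the module a copy of (or, in inline mode, the actual) packets that the ASA itself forwards. The ACL and class-map names IPS-TRAFFIC and IPS-CLASS are assumed; global_policy is the default policy-map on the ASA.

```cisco
! Added example, not from the thread. Send all traffic that transits the ASA
! to the AIP-SSM in promiscuous (copy) mode. Names IPS-TRAFFIC and IPS-CLASS
! are assumed; global_policy and its global service-policy are ASA defaults.
access-list IPS-TRAFFIC extended permit ip any any
!
class-map IPS-CLASS
 match access-list IPS-TRAFFIC
!
policy-map global_policy
 class IPS-CLASS
  ! promiscuous: module gets a copy and can only alert/shun, never drop in-path
  ! inline:      module sits in the forwarding path and can drop packets
  ! fail-open:   traffic keeps flowing if the module fails; use fail-close
  !              where blocking is preferred over loss of inspection
  ips promiscuous fail-open
!
service-policy global_policy global
```

The only selector available here is the ACL matched by the class-map, and it is evaluated on packets the ASA is routing or bridging between its own interfaces. Frames mirrored by RSPAN onto a switchport that is not in the ASA's forwarding path never match this policy, which is why a separate sensor with a dedicated sniffing interface is needed for passive monitoring of intra-branch VLAN traffic. Switching `ips promiscuous` to `ips inline` only changes whether the module can drop what it sees, not what it sees.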
11-03-2008 11:39 AM
So would there be any way to monitor the traffic going on inside the branch office? Would getting a separate IPS be the only way?
11-03-2008 12:31 PM
yes
11-03-2008 03:29 PM
Hi rhermes,
Could you possibly expand on your answer? Is it because I am trying to do passive monitoring? Could I do in-line monitoring in this scenario instead?
Thanks