ASA and RSPAN

MIWConsulting
Level 1

Hi all,

I am looking at implementing an ASA system for multiple branches (17) in a client site.

I know that the ASA 5510 can have the AIP-SSM module installed, where the 5505 cannot. I want to be able to offer firewall, an IPSEC VPN back to the hub site and IPS in a promiscuous mode. I believe the ASA 5510 w/ AIP-SSM can do this.

I would ideally place the ASA at the ingress point to the branch office to monitor traffic coming into the branch office and use RSPAN to forward all traffic from a sensitive VLAN mirrored to a capture port on the ASA. I'm assuming this can be done, but I would like to make sure.

So, in a nutshell, can the ASA act as a border firewall AND be used to perform IPS functionality on an RSPAN port, where the 4 switches (4 different closets) forward all traffic via the RSPAN port into the ASA AIP-SSM card?

Thanks.

6 Replies

rhermes
Level 7

no

Why not!? I have used an ASA as an fw, VPN termination and IPS device no problem....

Dazzler

Hang on, have re-read the post. I think I know where you are coming from, there is no promiscuous port to SPAN to. You can however use IPS on traffic passing through the firewall....

So would there be any way to monitor the traffic going on inside the branch office? Would getting a separate IPS be the only way?

Hi rhermes,

Could you possibly expand on your answer? Is it because I am trying to do passive monitoring? Could I do in-line monitoring in this scenario instead?

Thanks
