11-25-2008 04:24 PM - edited 03-10-2019 04:23 AM
Hi, is there a way on IPS v6.1 to only inspect traffic in one direction? Implementation is pair interfaces. Thanks!
12-02-2008 09:28 AM
You can configure AIP-SSM to inspect traffic in inline or promiscuous mode and in fail-open or fail-over mode. On the adaptive security appliance, to identify traffic to be diverted to and inspected by AIP-SSM:
1. Create or use an existing ACL.
2. Use the class-map command to define the IPS traffic class.
3. Use the policy-map command to create an IPS policy map by associating the traffic class with one or more actions.
4. Use the service-policy command to create an IPS security policy by associating the policy map with one or more interfaces. The AIP SSM runs advanced IPS software that provides proactive, full-featured intrusion prevention services to stop malicious traffic, including worms and network viruses, before they can affect your network. This section includes the following topics:
http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_ssm.html#wp1046877
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ssm.html
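The four steps above, written out as an ASA 8.0 modular policy framework configuration (an added example, not the poster's or Cisco's own text). The subnet 10.1.1.0/24, the interface name "inside" and the object names are constructed placeholders; the ACL selects which connections are diverted by their initiating packet, and the ASA still sends both directions of a matched connection to the SSM.

```cisco
! Step 1: ACL that matches only connections started from the inside network.
! 10.1.1.0/24 and "inside" are constructed placeholders for this example.
access-list IPS_OUTBOUND extended permit ip 10.1.1.0 255.255.255.0 any

! Step 2: class-map that ties the IPS traffic class to the ACL.
class-map IPS_OUTBOUND_CLASS
 match access-list IPS_OUTBOUND

! Step 3: policy-map that sends the class to the AIP-SSM inline.
! fail-open keeps traffic flowing if the SSM is down; use fail-close to drop it instead.
policy-map IPS_POLICY
 class IPS_OUTBOUND_CLASS
  ips inline fail-open

! Step 4: apply the policy on the interface where those connections enter the ASA.
service-policy IPS_POLICY interface inside

! Verification after applying the policy: "show service-policy interface inside"
! lists the class, the ips action and the packet counters for diverted traffic.
```

Connections initiated from outside toward 10.1.1.0/24 do not match the ACL and bypass the SSM entirely, so this narrows which sessions are inspected rather than inspecting only one half of each session.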
12-02-2008 12:25 PM
There is a setting for "loose" TCP processing that is supposed to allow the sensor to watch only half of a TCP conversation, but we found it didn't work very well and CPU unexpectedly increased significantly as a result.
12-04-2008 03:27 PM
Thanks for all the replies! Good info. : )