We've got an ASA 5510 and we're moving to get all our remote users on the SSL/VPN option with this.
However, we'd like to be protected 100% from any remote client that manages to get themselves a virus before connecting to us remotely.
I've been reading on both the AIP and CSC SSM's, but I can't quite distinguish the difference between them. It sounds like they both scan for viruses and other malicious traffic. What's the difference of the two?
Also, we use an internal Trend Micro proxy server for scanning our users internet traffic. It sound like one of these modules (or maybe both can) actually take over this role. Can someone who is using this virus scanning/url-blocking feature on the asa give me an idea on how detail rich the configuration options are? Is it very basic, just plug it in and one simple configuration, or is there a plethora of options for detailed configuration?
Thanks for any info!
(I'm still reading so hopefully I'll have a good grasp on this here soon)
The CSC Module is a small TrendMicro Appliance that scans your Http (and Email?) traffic inline. This appliance might save you a proxy server. The AIP-SSM is a full blown Intrusion Prevention System that monitors the firewall traffic via its IPS signatures. You should have additional monitoring or correlation software (like Cisco MARS or Prelude/Prewikka) to help you manage and interpret your IPS data.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...