Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
490
Views
9
Helpful
7
Replies

Cisco ASA questions

nitass
Level 1
Level 1

‎03-14-2006 10:26 PM - edited ‎02-21-2020 12:46 AM

Hi everybody,

I’ve a few questions about ASA with AIP-SSM. Could you please clarify me?

1. Is the management interface of AIP-SSM necessary? Can I use IPS feature without it?

2. Can I use ASA as an IDS box? I mean just for sniffing traffic only. How can I connect it to network?

Please advice.

Thanks,

Nitass

0 Helpful
7 Replies 7

attrgautam
Level 5
Level 5

‎03-15-2006 03:11 AM

1) AFAIK the mgmt interface is jus for that. Management only. IPS can very well work without that as the traffic to the IPS will be switched on the backplane.

2) The AIP-SSM can be used as an IDS. The ASA will have to pass traffic inline and redirect the traffic to the AIP-SSM in promiscuous mode.

nitass
Level 1
Level 1
In response to attrgautam

‎03-15-2006 04:56 AM

Thanks for your reply.

Regarding to use AIP-SSM as IDS, I don’t want to place it in the path of traffic. I’d like to configure SPAN port or something like that on switch and connect it to the AIP-SSM. Can I do that? What’s interface that it should be used? Mgmt of AIP-SSM? ASA’s Ethernet interfaces?

Please advice.

Thanks a lot,

Nitass

0 Helpful

attrgautam
Level 5
Level 5
In response to nitass

‎03-15-2006 05:06 AM

Doubt if you can use the AIP-SSM sitting in an ASA in such a scenario. The typical scenario is to put the ASA inline and push all the traffic to the SSM through the backplane using 'Span' (actually sending a copy through the backplane). The Mgmt interfaces are used for only mgmt.

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df98.html

This link will explain how to install AIP-SSM in promiscuous mode.

0 Helpful

nitass
Level 1
Level 1
In response to attrgautam

‎03-15-2006 07:56 AM

Really I just want to know if the ASA can replace the existing IDS device in the network. Because I’ve gotten the notification email about the IPS device will be replaced with the ASA with AIP-SSM.

Any suggestion please let me know.

Thanks a lot,

Nitass

0 Helpful

jackko
Level 7
Level 7
In response to nitass

‎03-15-2006 03:40 PM

i guess they offer similar features if not identical. performance on ssm is better than the basic model of 42xx.

one matter is that 42xx has more than one interface, and thus it can sniff multiple network segment at the same time; whereas ssm has only one monitor interface.

nitass
Level 1
Level 1
In response to jackko

‎03-15-2006 07:33 PM

Do you mean ASA with AIP-SSM can sniff traffic as IPS? I mean only one connection attach to the network.

Thanks a lot,

Nitass

0 Helpful

attrgautam
Level 5
Level 5
In response to nitass

‎03-16-2006 06:32 AM

If you are asking if the SSM can act as an IPS blocking attacks inline, the answer is yes. The AIP-SSM can act as either IPS or IDS

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card