Cisco Systems ASA 5500 manual Cisco AIP SSM and CSC SSM, SSM CPU Dram

Page 28

Chapter 3 Installing Optional SSMs

Cisco AIP SSM and CSC SSM

Cisco AIP SSM and CSC SSM

The ASA 5500 series adaptive security appliance supports the AIP SSM (Advanced Inspection and Prevention Security Services Module) and the CSC SSM (Content Security Control Security Services Module), also referred to as the intelligent SSM.

The AIP SSM runs advanced IPS software that provides security inspection. There are two models of the AIP SSM: the AIP SSM 10 and the AIP SSM 20. Both types look identical, but the AIP SSM 20 has a faster processor and more memory than the AIP SSM 10. Only one module (the AIP SSM 10 or the AIP SSM 20) can populate the slot at a time.

Table 3-4lists the memory specifications for the AIP SSM 10 and the

AIP SSM 20.

Table 3-4

SSM Memory Specifications

 

 

 

SSM

CPU

DRAM

 

 

 

 

AIP SSM 10

2.0

GHz Celeron

1.0 GB

 

 

 

 

AIP SSM 20

2.4

GHz Pentium 4

2.0 GB

 

 

 

 

For more information on the AIP SSM, see the “Managing the AIP SSM” section in the Cisco Security Appliance Command Line Configuration Guide.

The CSC SSM runs Content Security and Control software. The CSC SSM provides protection against viruses, spyware, spam, and other unwanted traffic. For more information on the CSC SSM, see the “Managing the CSC SSM” section in the Cisco Security Appliance Command Line Configuration Guide.

This section describes how to install and replace the SSM in the adaptive security appliance. Figure 3-5lists the SSM LEDs.

 

Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide

3-8

78-17611-01

Image 28
Contents For the Cisco ASA 5510, ASA 5520, and ASA Page N T E N T S IiiScenario DMZ Configuration Implementing the Site-to-Site Scenario What to Do Next Before You Begin ASAASA 5500 with AIP SSM ASA 5500 with CSC SSM ASA 5500 with 4GE SSM Installing the Cisco ASA Verifying the Package Contents Installing the Chassis Installing the Right and Left Brackets Rack-Mounting the ChassisPorts and LEDs Rack-Mounting the ChassisLED Section in the Cisco Security Appliance Command Reference Indicator Color Description What to Do Next To Do This SeeInstalling the Cisco ASA What to Do Next Installing Optional SSMs Cisco 4GE SSM4GE SSM Components LinkInstalling the Cisco 4GE SSM SpeedInstalling the SFP Modules SFP Module, Installing the SFP Module,SFP Module SFP Module Type of Connection Cisco Part NumberInstalling the SFP Module Installing an SFP Module Cisco AIP SSM and CSC SSM SSM CPU DramInstalling an SSM Continue with , Connecting Interface Cables Connecting Interface Cables Connecting Cables to Interfaces Management port RJ-45 to RJ-45 Ethernet cable RJ-45 Console port RJ-45 to DB-9 console cable RJ-45 AUX port RJ-45 to DB-9 console cable Ethernet ports RJ-45 connector Removing the Optical Port Plug Connecting the LC Connector SSM management port RJ-45 to RJ-45 cable Continue with , Configuring the Adaptive Security Appliance Configuring the Adaptive Security Appliance About the Factory-Default ConfigurationAbout the Adaptive Security Device Manager Before Launching the Startup Wizard Using the Startup Wizard Scenario Remote-Access SSM Scenario DMZ Configuration Example DMZ Network TopologyNetwork Layout for DMZ Configuration Scenario Outgoing Http Traffic Flow from the Private Network Configuring the Security Appliance for a DMZ Deployment Incoming Http Traffic Flow From the InternetConfiguration Requirements Starting Asdm Creating IP Pools for Network Address Translation 78-17611-01 78-17611-01 78-17611-01 78-17611-01 78-17611-01 78-17611-01 78-17611-01 78-17611-01 Configuring an External Identity for the DMZ Web Server 78-17611-01 Providing Public Http Access to the DMZ Web Server 78-17611-01 78-17611-01 78-17611-01 78-17611-01 78-17611-01 Scenario DMZ Configuration What to Do Next Configure a remote-access VPN Scenario DMZ Configuration What to Do Next Scenario Remote-Access VPN Configuration Example IPsec Remote-Access VPN Network TopologyImplementing the IPsec Remote-Access VPN Scenario Network Layout for Remote Access VPN ScenarioInformation to Have Available Starting Asdm Configuring the Fwsm for an IPsec Remote-Access VPN Selecting VPN Client Types 78-17611-01 Specifying a User Authentication Method 78-17611-01 Optional Configuring User Accounts Configuring Address Pools Configuring Client Attributes Configuring the IKE Policy 78-17611-01 Configuring IPsec Encryption and Authentication Parameters Specifying Address Translation Exception and Split Tunneling Verifying the Remote-Access VPN Configuration Scenario Remote-Access VPN Configuration What to Do Next DMZ Scenario Remote-Access VPN Configuration What to Do Next Scenario Site-to-Site VPN Configuration Example Site-to-Site VPN Network TopologyNetwork Layout for Site-to-Site VPN Configuration Scenario Implementing the Site-to-Site ScenarioConfiguring the Site-to-Site VPN Starting AsdmConfiguring the Security Appliance at the Local Site 78-17611-01 Providing Information About the Remote VPN Peer Configuring the IKE Policy Click Next to continue Configuring IPSec Encryption and Authentication Parameters Specifying Hosts and Networks Viewing VPN Attributes and Completing the Wizard 78-17611-01 Configuring the Other Side of the VPN Connection Scenario Site-to-Site VPN Configuration What to Do Next Configuring the AIP SSM AIP SSM ConfigurationOverview of Configuration Process Configuring the ASA 5500 to Divert Traffic to the AIP SSMHostnameconfig# class-mapclassmapname hostnameconfig-cmap# Interface interfaceID Sessioning to the AIP SSM and Running Setup CiscoLicense Notice Configuring the AIP SSM What to Do Next Configure protection of a DMZ web About the CSC SSM 10-1CSC SSM 10-210-3 CSC SSM Traffic Flow10-4 CSC SSMConfiguring the CSC SSM for Content Security 10-5Gather Information Obtain Software Activation Key from Cisco.com10-6 Launch Asdm 10-7Verify Time Settings 10-8Run the CSC Setup Wizard 10-910-10 10-11 10-12 10-13 Divert Traffic to the CSC SSM for Content Scanning 10-1410-15 10-16 10-17 10-18 10-19 Security tab 10-2010-21 10-22 Configuring the 4GE SSM for Fiber 11-1Cabling 4GE SSM Interfaces 11-2Setting the 4GE SSM Media Type for Fiber Interfaces Optional 11-311-4 11-5 11-6 Obtaining a DES License or a 3DES-AES License Command Purpose
Related manuals
Manual 49 pages 36.1 Kb Manual 16 pages 48.09 Kb Manual 16 pages 52 Kb

ASA 5500 specifications

Cisco Systems ASA 5500 is a robust security appliance designed to provide advanced network security and protection against both internal and external threats. Ideal for organizations of various sizes, the ASA 5500 series offers a wide range of features that combine firewall capabilities with intrusion prevention, VPN support, and application control, among others.

One of the key features of the ASA 5500 is its stateful firewall technology. This allows the device to monitor active connections and enforce security policies based on the state of the traffic. By maintaining the context of network sessions, the firewall can make informed decisions on whether to allow or deny traffic based on established rules.

In addition to traditional firewall functionalities, the ASA 5500 series integrates advanced intrusion prevention capabilities. By analyzing traffic patterns and identifying known threats, the IPS functionality helps organizations defend against a variety of malicious activities, such as DDoS attacks, malware, and unauthorized access attempts. The ASA 5500 continuously updates its threat intelligence through Cisco's global threat database, enhancing its ability to detect emerging threats in real-time.

Virtual Private Network (VPN) support is another significant aspect of the ASA 5500 series. The device offers secure, encrypted connections for remote users and branch offices, ensuring safe access to corporate resources over the Internet. It supports both IPsec and SSL VPN protocols, allowing organizations to choose the best option for their specific needs. This capability is crucial for businesses that require a secure environment for remote work.

The ASA 5500 series also features extensive application control and visibility tools. These tools enable organizations to manage and control the applications running on their network, ensuring that only authorized applications can communicate through the firewall. This level of control helps to mitigate risks associated with unauthorized applications, which can lead to data breaches or reduced productivity.

Moreover, the ASA 5500 is designed with high availability and scalability in mind. Its clustering support ensures that multiple units can work together to provide redundancy and load balancing, enhancing both performance and reliability. This characteristic is especially important for organizations looking to maintain continuous operation during traffic spikes or hardware failures.

In summary, Cisco Systems ASA 5500 is an all-in-one security solution that combines stateful firewall protection, intrusion prevention, VPN capabilities, and application control. With its robust feature set and focus on security, it is well-suited for organizations seeking to protect their networks from an ever-evolving landscape of cyber threats. Whether for small businesses or large enterprises, the ASA 5500 provides the necessary tools to create a secure networking environment.