Manuals / Cisco Systems / Household Appliance / Home Security System

Cisco Systems ASA 5500 manual Managing the AIP SSM, About the AIP SSM, •Checking SSM Status, page

Models: ASA 5500

1 16

Download 16 pages 52 Kb

Page 1

C H A P T E R 19

C H A P T E R 19

Managing the AIP SSM and CSC SSM

The Cisco ASA 5500 series adaptive security appliance supports a variety of SSMs. This chapter describes how to configure the adaptive security appliance to support an AIP SSM or a CSC SSM, including how to send traffic to these SSMs.

For information about the 4GE SSM for the ASA 5000 series adaptive security appliance, see Chapter 4, “Configuring Ethernet Settings and Subinterfaces”.

Note The Cisco PIX 500 series security appliances does not support SSMs.

This chapter includes the following sections:

•Managing the AIP SSM, page 19-1

•Managing the CSC SSM, page 19-5

•Checking SSM Status, page 19-13

•Transferring an Image onto an SSM, page 19-14

Managing the AIP SSM

This section contains the following topics:

•About the AIP SSM, page 19-1

•Getting Started with the AIP SSM, page 19-2

•Diverting Traffic to the AIP SSM, page 19-2

•Sessioning to the AIP SSM and Running Setup, page 19-4

About the AIP SSM

The ASA 5500 series adaptive security appliance supports the AIP SSM, which runs advanced

IPS software that provides further security inspection. The adaptive security appliance diverts packets to the AIP SSM just before the packet exits the egress interface (or before VPN encryption occurs, if configured) and after other firewall policies are applied. For example, packets that are blocked by an access list are not forwarded to the AIP SSM.

Cisco Security Appliance Command Line Configuration Guide

	OL-8629-01	19-1

Image 1

Cisco Systems ASA 5500 manual About the AIP SSM, •Managing the AIP SSM, page, •Managing the CSC SSM, page, 19-1

Contents

About the AIP SSM Managing the AIP SSM•Managing the AIP SSM, page •Managing the CSC SSM, pageDiverting Traffic to the AIP SSM Getting Started with the AIP SSM19-2 Chapter 19 Managing the AIP SSM and CSC SSMhostnameconfig# access-listIPS permit ip any any 19-3hostnameconfig# class-map my-ips-class 19-4 Sessioning to the AIP SSM and Running SetupAbout the CSC SSM Managing the CSC SSM•About the CSC SSM, page •Getting Started with the CSC SSM, pageFigure 19-6Flow of Scanned Traffic with CSC SSM Security Appliance19-7 Getting Started with the CSC SSM•DNS server IP address 19-819-9 Determining What Traffic to ScanSecurity appliance 19-10192.168.10.0 inside outsideDiverting Traffic to the CSC SSM Limiting Connections Through the CSC SSMExample pagehostnameconfig-cmap# match access-list acl-name 19-12hostnameconfig-pmap-c# csc fail-close | fail-open hostnameconfig#19-13 Checking SSM StatusChapter 19 Managing the AIP SSM and CSC SSM Checking SSM Status19-14 Transferring an Image onto an SSMChapter 19 Managing the AIP SSM and CSC SSM Transferring an Image onto an SSMwhere slot is the slot number occupied by the SSM 19-15Step 3 Check the progress of the image transfer and SSM restart process. To do so, use the show module command. For details, see the “Checking SSM Status” section on page 19-16