Chapter 19 Managing the AIP SSM and CSC SSM
Managing the CSC SSM
hostname(config)#
where class_map_name is the name of the traffic class. When you enter the
Step 3 With the access list you created in Step 1, use a match
Step 4 Create a policy map or modify an existing policy map that you want to use to send traffic to the CSC SSM. To do so, use the
where policy_map_name is the name of the policy map. The CLI enters the policy map configuration mode and the prompt changes accordingly.
Step 5 Specify the class map, created in Step 2, that identifies the traffic to be scanned. Use the class command to do so, as follows.
where class_map_name is the name of the class map you created in Step 2. The CLI enters the policy map class configuration mode and the prompt changes accordingly.
Step 6 If you want to enforce a
where n is the maximum simultaneous connections the adaptive security appliance will allow per client. This prevents a single client from abusing the services of the CSC SSM or any server protected by the SSM, including prevention of attempts at DoS attacks on HTTP, FTP, POP3, or SMTP servers that the CSC SSM protects.
Step 7 Assign the traffic identified by the class map as traffic to be sent to the CSC SSM. Use the csc command to do so, as follows.
hostname(config-pmap-c)# csc {fail-close fail-open}
The
Step 8 Use the
hostname(config)#
where policy_map_name is the policy map you configured in Step 4. If you want to apply the policy map to traffic on all the interfaces, use the global keyword. If you want to apply the policy map to traffic on
aspecific interface, use the interface interface_ID option, where interface_ID is the name assigned to the interface with the nameif command.
Only one global policy is allowed. You can override the global policy on an interface by applying a service policy to that interface. You can only apply one policy map to each interface.
The adaptive security appliance begins diverting traffic to the CSC SSM as specified.
| Cisco Security Appliance Command Line Configuration Guide |
|
