Chapter 19 Managing the AIP SSM and CSC SSM
Managing the AIP SSM
The AIP SSM can operate in one of two modes, as follows:
• Inline
• Promiscuous
You can specify how the adaptive security appliance treats traffic when the AIP SSM is unavailable due to hardware failure or other causes. Two keywords of the ips command control this behavior. The
For more information about configuring the operating mode of the AIP SSM and how the adaptive security appliance treats traffic during an AIP SSM failure, see the “Diverting Traffic to the AIP SSM” section on page
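The following script is an added example, not part of the original guide or Cisco's own tooling. It audits a saved configuration for how each `ips` rule sets the operating mode and the failure behavior described above. It assumes the ASA syntax `ips {inline | promiscuous} {fail-open | fail-close}` (the two failure keywords are not named in this excerpt), and the sample configuration and the function name `audit_ips` are constructed for illustration.

```python
import re

# Constructed sample of an ASA running-config (not from the original guide).
SAMPLE_CONFIG = """\
access-list IPS_ALL extended permit ip any any
class-map ips-class
 match access-list IPS_ALL
policy-map outside-policy
 class ips-class
  ips inline fail-close
policy-map dmz-policy
 class ips-class
  ips promiscuous fail-open
policy-map unused-policy
 class ips-class
  ips inline fail-open
service-policy outside-policy interface outside
service-policy dmz-policy interface dmz
"""

# Assumed syntax: ips {inline | promiscuous} {fail-open | fail-close}
IPS_RE = re.compile(r"^ips\s+(inline|promiscuous)\s+(fail-open|fail-close)\b")

def audit_ips(config):
    """Return one finding per `ips` rule found under a policy-map class."""
    applied = set(re.findall(r"^service-policy\s+(\S+)", config, re.M))
    findings, policy, cls = [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level command resets the context
            policy, cls = None, None
            if line.startswith("policy-map "):
                policy = line.split()[1]
            continue
        if policy and line.startswith("class "):
            cls = line.split()[1]
            continue
        m = IPS_RE.match(line)
        if policy and cls and m:
            mode, fail = m.groups()
            notes = []
            if fail == "fail-open":
                notes.append("traffic passes uninspected while the AIP SSM is unavailable")
            if mode == "promiscuous":
                notes.append("AIP SSM receives a copy of the traffic, not the traffic itself")
            if policy not in applied:
                notes.append("policy-map is not applied by any service-policy")
            findings.append({"policy": policy, "class": cls, "mode": mode, "fail": fail, "notes": notes})
    return findings
```

Calling `audit_ips(SAMPLE_CONFIG)` returns three findings; only `outside-policy` comes back with an empty `notes` list.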
Getting Started with the AIP SSM
Configuring the AIP SSM is a
1. On the ASA 5500 series adaptive security appliance, identify traffic to divert to the AIP SSM (as described in the “Diverting Traffic to the AIP SSM” section on page
2. On the AIP SSM, configure the inspection and protection policy, which determines how to inspect traffic and what to do when an intrusion is detected. Because the IPS software that runs on the AIP SSM is very robust and beyond the scope of this document, detailed configuration information is available in the following separate documentation:
• Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface
• Command Reference for Cisco Intrusion Prevention System
Diverting Traffic to the AIP SSM
You use MPF commands to configure the adaptive security appliance to divert traffic to the AIP SSM. Before configuring the adaptive security appliance to do so, read Chapter 18, “Using Modular Policy Framework,” which introduces MPF concepts and common commands.
To identify traffic to divert from the adaptive security appliance to the AIP SSM, perform the following steps:
Step 1 Create an access list that matches all traffic:
hostname(config)#
Cisco Security Appliance Command Line Configuration Guide