topic Re: Query on SSM (as IPS) on ASA (5505/5510/5520) in Network Security

Query on SSM (as IPS) on ASA (5505/5510/5520)

mvsheik123 — Sun, 10 Mar 2019 11:33:22 GMT

Hi All,

I have ASA terminating the VPN clients (remote access or L2L vpn), and if I have SSM installed on ASA (to act as IPS), will this ASA successfully be able to perform real-time spam/virus filtering even for the encrypted traffic that is coming through the remote client VPN or client via L2L vpn.? if so, any special license also needed for the ASA..?

Thank you in advance

Re: Query on SSM (as IPS) on ASA (5505/5510/5520)

bnidacoc — Fri, 20 Mar 2009 17:32:17 GMT

I would suspect the module would analyze because it is my experience that inbound traffic on an interface is decrypted, then ACLs are applied on the decrypted traffic. And as people here have said that the IPS works post ACL, I believe that inbound traffic is processed like this; decryption -> access control -> inspection.

However, you mention spam and I am not sure if you are talking about the IPS modules, as I had thought they did not prevent spam. Although they could prevent some malicious attachments.