topic Re: Inspecting traffic one way in Network Security

Inspecting traffic one way

brobinson — Sun, 10 Mar 2019 11:23:32 GMT

Hi, is there a way on IPS v6.1 to only inspect traffic in one direction? Implementation is pair interfaces. Thanks!

Re: Inspecting traffic one way

sadbulali — Tue, 02 Dec 2008 17:28:54 GMT

You can configure AIP-SSM to inspect traffic in inline or promiscuous mode and in fail-open or fail-over mode.On the adaptive security appliance, to identify traffic to be diverted to and inspected by AIP-SSM:

1. Create or use an existing ACL.

2. Use the class-map command to define the IPS traffic class.

3. Use the policy-map command to create an IPS policy map by associating the traffic class with one or more actions.

4. Use the service-policy command to create an IPS security policy by associating the policy map with one or more interfaces.The AIP SSM runs advanced IPS software that provides proactive, full-featured intrusion prevention services to stop malicious traffic, including worms and network viruses, before they can affect your network. This section includes the following topics:

http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_ssm.html#wp1046877

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ssm.html

Re: Inspecting traffic one way

rhermes — Tue, 02 Dec 2008 20:25:59 GMT

There is a setting for "loose" TCP processing that is supposed to allow the sensor to watch only half of a TCP conversation, but we found it didn'twork very well and CPU unexpectedly increased significantly as a result.

Re: Inspecting traffic one way

brobinson — Thu, 04 Dec 2008 23:27:50 GMT

Thanks for all the replies! Good info. : )