AIP-20 Vs 4255- Recommended Solution?

mvsheik123

Hello experts,

We have a 5510 ASA pair (Active/stdby) at the perimeter. For implementing an IPS solution, wondering if the 4255 is recommended or AIP-20 SSM modules in the ASA5510 would be our better bet. Future internet growth tops out at 200Meg (dual 100Meg pipes).

TIA

MS


rhermes

It depends on a few things.

Do you want to do in-line IPS or promiscuous mode IDS?

What is the expected traffic volume to be passing thru these sensors?

What you want to be careful about is placing a single sensor in-line with dual firewalls. This thread explains why:

https://supportforums.cisco.com/thread/2032810?tstart=0

The 4255 has twice the processing power of the AIP-SSM20, meaning it can handle twice the traffic. If you are doing promiscuous mode detection, a single sensor will be easier to maintain.

- Bob

Hi Bob,

Thanks for taking my query again. The other thread was when I thought of adding a 4255, but later a few Cisco techs mentioned it is better to go with the AIP module, hence the new thread..;-).

We want to start in promiscuous mode (that way we can understand/study the traffic), then move to in-line. Do the AIPs support this?

If I finally decide on the 4255, then I may end up buying 2 (if placed in-line).

After all the user traffic is rerouted to a single location, anticipated usage is 50-60Meg. Also, we may have up to 200 Meg internet (2x100).

TIA

MS

Yes, the AIP-SSM modules support both in-line IPS and promiscuous mode IDS.

- Bob

Thanks again Bob. Also, the port on the AIP modules: is this purely for management, or is it a gig (10/100/1000) port that can be used as an additional port on the ASA (ex: DMZ2 etc.)?


Thanks

MS

The ethernet interface on the AIP-SSM modules can only be used for management interface access.

The internal access via the ASA does not allow for the webgui access or event flows, only CLI access.

- Bob

Great..thank you Bob
