Re: AIP-SSM and CSC-SSM together in a network

shijomon scaria · ‎02-28-2008

First time am here so plz forgive me if there is any mistakes from my side.

I want to implement Itrusion Prevention and Anti X features in a network, i prefer ASA and SSM modules, how can i install it successfully, is it possible in single ASA device otherwise how can i connet two ASAs to meet the purpose.

Thank You

amritpatek · ‎03-07-2008

You can use both AIP-SSM and CSC-SSM together on an ASA 5550. Following links may help you

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5500/quick/guide/cscssm.html

http://www.cisco.com/en/US/docs/security/ips/5.1/configuration/guide/cli/cliSSM.html

fropert · ‎03-08-2008

Hello,

That's incorrect.

Considering you want ASA technology, two appliances are needed.The first with AIP and the second with CSC.

AIP-SSM and CSC-SSM are slotable in ASA 5510, 5520 and 5540.

Thanks.

shijomon scaria · ‎03-17-2008

Hello Sir,

I need both AIP-SSM and CSC-SSM together in a network, it is not possible to insert both in a single divice, isn't it? So i have to use two ASAs right ? So my question is how can i connet both the devices physically in a network, i need to pass the traffice from one to another...

Thank U

jens.becker · ‎03-19-2008

Why don't you choose one ASA with CSC-SSM for Anti-X functions as Firewall.

For deeper Packet-Inspection i can recommend a seperate IPS-System, for example a prodoct of the Cisco IPS 4200 family.

You can work with SPAN (Switched Port Analyzer) on the Perimeter Switches for sending traffic to the IPS-System before entering the local network.

Traffic-Map:

Outside <-> ASA w. CSC <-> IPS <-> Local Network