02-21-2012 12:29 AM - edited 03-10-2019 05:37 AM
Hi Experts,
Can you please give me an idea about what this IPS/IDS module for ASA 5505 is?
How much does it cost? How do I install it and configure it to work with ASA 5505?
We also have a few site-to-site VPN setups from the ASA 5505. Would this affect them in some way?
Many thanks,
Anup
02-21-2012 02:38 PM
The SSC-5 module is a small (and I mean it has HALF the RAM of a regular IPS Sensor) IPS Sensor module that fits inside the ASA5505 chassis. Because of the limited heat dissipation abilities of the ASA5505, they couldn't afford to give it more RAM. Here is the spec sheet on it:
The SSC-5 module has its own processor and (IPS) OS, so it should not affect the VPN features you use in your ASA today. Here is how to install it:
http://www.cisco.com/en/US/partner/docs/security/ips/6.2/installation/guide/hw_installing_ssc.html
And how to configure it:
http://www.cisco.com/en/US/partner/docs/security/ips/6.2/configuration/guide/cli/cli_ssc.html
- Bob
02-22-2012 01:10 PM
Hi Bob,
Thank you for providing the information. But I am unable to view them as I don't have a partner-privilege Cisco ID!
Would I have to change the current internet connection from the ASA outside interface to some port on the IDS/IPS module?
I have also heard IDS/IPS won't be able to detect threats on encrypted traffic like VPN traffic, and VPNs will have to be terminated before the IDS/IPS module. Can you also please provide your thoughts on this?
Thanks,
Anup
02-22-2012 07:30 PM
Anup -
You should be able to find the links I provided for you with a general search on Cisco's website for "ssc-5" and "installation" and "configure".
No, you would still have the ASA terminate the Internet access. You want to have the SSC-5 (IPS) module monitor the INSIDE interfaces (you always want to perform IDS/IPS on the inside of a firewall). This way you will see the traffic after it has been decrypted on your VPN and after the traffic has been filtered by your firewall rules.
- Bob
02-23-2012 06:14 PM
Hi Bob,
Thank you so much for briefing me on the IPS/IDS module. It was indeed helpful. I think I now have an idea about it to get it started off and implement it in our network.
Regards,
Anup