Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
512
Views
3
Helpful
2
Replies

ASA CSC-SSM set up

smckenna
Level 1
Level 1

‎06-19-2006 06:00 PM - edited ‎02-21-2020 12:59 AM

OK, might be a dumb question but wanted to know when setting up the CSC SSM network module and management interface if I will need to have a seperate VLAn set up for the management network to be able to have my traffic scanned by the CSC device and to log in to the management port for ADSM log in? In looking at documentation I don't see anything saying I do but if I have a seperate management network I am guessing that I will need to?

0 Helpful
2 Replies 2

gfullage
Cisco Employee
Cisco Employee

‎06-19-2006 06:58 PM

The management port on the ASA is simply treated like any other port, in that it has to be on it's own subnet (and therefore it's own VLAN). The only difference with the management port is that it does not pass traffic through the ASA, so it is not used for standard traffic, only to-the-box traffic.

You don't actually have to use it for ASDM though, you can simply not configure it and then ASDM to your inside/dmz/outside interface address. The management interface is simply there for customers who like a completely separate network/interface for management purposes, but if you don't have that then don't use it (or set it up as another DMZ if you like).

As for the CSC-SSM, not sure what you're asking. The port on the back of the SSM is for the management of the SSM module, yes. This can be a unique subnet/vlan again, or you can give it the same subnet address as say, your inside interface on the ASA. Then the cables from the SSM and the inside interface simply plug back into the same switch.

Treat the cabling and addressing of the SSM as a completely separate device to the ASA, so the two devices can be on the same subnet or different, and the cables from the SSM and the ASA can go into the same switch or different.

Note that for the CSC-SSM to get updates of new viruses/etc, it will try and connect to Trned's web site via its own management port (the one on the back of the SSM module itself), so you need to make sure it has Internet access.

Hope that helps.

smckenna
Level 1
Level 1
In response to gfullage

‎06-20-2006 02:48 AM

Mr. Fullage, thank you for this concise explanation. Just needed a little clarity re this. I believe this is all I needed. Thanks much!!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card