12-02-2011 12:56 PM - edited 03-10-2019 05:33 AM
The Cisco IPS 4240 is a little too expensive and has too much "horse power" for our needs. I know I can connect the AIP-SSM to our ASA 5510 to scan traffic going through the ASA. What if I have my core router on our internal network send all traffic from all nodes to the ASA as the next hop for review by the AIP-SSM instead of sending the traffic directly to the internal destination? Is this recommended? Will it work? Have you tried it?
12-02-2011 01:23 PM
Hello Michael.
The IPS 4240 runs 250 Mbps
The 5510 runs either
150 Mbps (with AIP SSM-10)
300 Mbps (with AIP SSM-20)
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~mid-range
This will work.
As far as expensive, try getting used / refurbished.
There are a lot of companies like Myriad Supply, etc.
Saar
12-02-2011 02:04 PM
Thanks Saar
I'm not allowed to purchase used or refurbished equipment, but will give it another try.
Would you suggest pushing local node traffic destined for another local node through the AIP SSM-10 for inspection?
12-02-2011 02:44 PM
Hello Michael
The AIP SSM- has a limited Mbps so I would not recommend pushing the local traffic through it.
Saar
12-02-2011 02:46 PM
Saar Harel - Thank you for your input. I'm going to try for the Cisco IPS 4240 via Myriad. Now to get management to change their decision on used equipment.
12-05-2011 12:56 AM
Hi again Michael
When you write here that it can handle so-and-so much traffic, are you aware that you control which type of traffic you pass through the SSM module through access-lists? Hereby you can reduce the amount of traffic needed to inspect to a small fragment of the total traffic.
best regards /ti
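The access-list selection described in the last reply, as an added example that is not part of the original thread: an ASA Modular Policy Framework configuration that sends only chosen flows to the AIP-SSM. The ACL name, class name and all subnets are constructed assumptions (10.1.10.0/24 as a user VLAN, 10.1.20.0/24 as a server VLAN, 10.1.30.0/24 as a backup network).

```cisco
! Constructed example: object names and subnets are assumptions, not from the thread.
!
! Broad form: every packet crossing the ASA is handed to the module,
! which is what runs into the SSM-10 throughput ceiling.
!   access-list IPS_TRAFFIC extended permit ip any any
!
! Selective form: "deny" lines exclude flows from the class (they still pass
! through the ASA, just without IPS inspection); "permit" lines select flows
! for inspection.
access-list IPS_TRAFFIC extended deny ip 10.1.30.0 255.255.255.0 10.1.20.0 255.255.255.0
access-list IPS_TRAFFIC extended permit ip 10.1.10.0 255.255.255.0 10.1.20.0 255.255.255.0
access-list IPS_TRAFFIC extended permit ip any 10.1.20.0 255.255.255.0
!
class-map IPS_CLASS
 match access-list IPS_TRAFFIC
!
policy-map global_policy
 class IPS_CLASS
  ! inline: the module sits in the forwarding path and can drop packets.
  ! fail-open: traffic keeps flowing uninspected if the module is down;
  ! use fail-close if uninspected traffic is not acceptable.
  ips inline fail-open
!
service-policy global_policy global
```

On the ASA, `show service-policy` reports per-class packet counts for the IPS action, which shows how much traffic the ACL is actually diverting to the module.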