cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

3201
Views
0
Helpful
3
Replies
Highlighted
Beginner

How to Support IDS in ASA 5505 and 5520?

Dear All;

we have the following HW configuration for the ASA 5505 and ASA 5520, We need to add the Intrusion Detection System (IDS) functionality to both ASA. My question is: what is/are the  module(s) required to support this function, and what is the deference between IPS and IDS, does the the same Module do the both functionality?

Part NoDescription QTY

ASA5505-BUN-K9

ASA 5505   Appliance with SW  10 Users  8 ports  3DES/AES

1

CON-SNT-AS5BUNK9

SMARTNET   8X5XNBD ASA5505-BUN-K9

1

SF-ASA5505-8.2-K8

ASA 5505 Series   Software v8.2

1

CAB-AC-C5

AC Power Cord   Type C5 US

1

ASA5500-ENCR-K9

ASA 5500 Strong Encryption License (3DES/AES)

1

ASA5505-PWR-AC

ASA 5505 AC   Power Supply Adapter

1

ASA5505-SW-10

ASA 5505 10   User software license

1

SSC-BLANK

ASA 5505 SSC   Blank Slot Cover

1

ASA-ANYCONN-CSD-K9

ASA 5500   AnyConnect Client + Cisco Security Desktop Software

1

Part NoDescriptionQTY

ASA5520-BUN-K9

ASA 5520   Appliance with SW  HA  4GE+1FE  3DES/AES

2

CON-SNT-AS2BUNK9

SMARTNET   8X5XNBD ASA5520 w/300 VPN Prs 4GE+1FE3DES/AES

2

ASA5520-VPN-PL

ASA 5520 VPN Plus 750 IPsec User License (7.0 Only)

2

ASA-VPN-CLNT-K9

Cisco VPN   Client Software (Windows Solaris Linux Mac)

2

SF-ASA-8.2-K8

ASA 5500 Series   Software v8.2

2

CAB-ACU

AC Power Cord (UK) C13 BS   1363 2.5m

2

ASA-180W-PWR-AC

ASA 180W AC   Power Supply

2

ASA5500-ENCR-K9

ASA 5500 Strong Encryption License (3DES/AES)

2

ASA-ANYCONN-CSD-K9

ASA 5500   AnyConnect Client + Cisco Security Desktop Software

2

SSM-BLANK

ASA/IPS SSM   Slot Cover

2

Thanks in advance.

Rashed Ward.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Ok, I was not quite correct in my first post.

Those modules - only modules available for corresponding ASA models.

They all may act as IPS (inline mode) or IDS (promiscuous mode), depending on how you configure your policies.

When it acts like IPS, ASA directs all traffic through the module, so all the traffic is inspected and can be dropped inline if some signature fires.

When it acts as an IDS, ASA just copies traffic to the module for inspection, but actual traffic flow is not affected by the module, as it's not inline in this case.

Plus, those modules may be comdination of both modes. I.e. some traffic might be inspected inline, when some other (more sensitive) traffic can be inspected in promiscuous mode.

To understand this better, get familiar with this link:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/modules_ips.html

View solution in original post

3 REPLIES 3
Highlighted
Rising star

Why don't you look at this tables:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6825/product_data_sheet0900aecd80404916_ps6120_Products_Data_Sheet.html

and what is the deference between IPS and IDS, does the the same Module do the both functionality?

What's the difference between IPS and IDS in general - you can google for that information. From the ASA's modules perspective point of view - it'll allways be an IPS system.

Highlighted

Dear Andrew,

thanks for your reply, my requirment to support IDS not IPS, as I understod the ASA modules are IPS's, but I need IDS.

what is cisco module that support IDS ?

best regards ;

Rashed.

Highlighted

Ok, I was not quite correct in my first post.

Those modules - only modules available for corresponding ASA models.

They all may act as IPS (inline mode) or IDS (promiscuous mode), depending on how you configure your policies.

When it acts like IPS, ASA directs all traffic through the module, so all the traffic is inspected and can be dropped inline if some signature fires.

When it acts as an IDS, ASA just copies traffic to the module for inspection, but actual traffic flow is not affected by the module, as it's not inline in this case.

Plus, those modules may be comdination of both modes. I.e. some traffic might be inspected inline, when some other (more sensitive) traffic can be inspected in promiscuous mode.

To understand this better, get familiar with this link:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/modules_ips.html

View solution in original post

Content for Community-Ad