02-24-2013 12:43 AM - edited 03-10-2019 05:54 AM
Dear All,
We have the following HW configuration for the ASA 5505 and ASA 5520. We need to add Intrusion Detection System (IDS) functionality to both ASAs. My question is: what module(s) are required to support this function, and what is the difference between IPS and IDS? Does the same module do both functions?

| Part No | Description | QTY |
|---|---|---|
| ASA5505-BUN-K9 | ASA 5505 Appliance with SW 10 Users 8 ports 3DES/AES | 1 |
| CON-SNT-AS5BUNK9 | SMARTNET 8X5XNBD ASA5505-BUN-K9 | 1 |
| SF-ASA5505-8.2-K8 | ASA 5505 Series Software v8.2 | 1 |
| CAB-AC-C5 | AC Power Cord Type C5 US | 1 |
| ASA5500-ENCR-K9 | ASA 5500 Strong Encryption License (3DES/AES) | 1 |
| ASA5505-PWR-AC | ASA 5505 AC Power Supply Adapter | 1 |
| ASA5505-SW-10 | ASA 5505 10 User software license | 1 |
| SSC-BLANK | ASA 5505 SSC Blank Slot Cover | 1 |
| ASA-ANYCONN-CSD-K9 | ASA 5500 AnyConnect Client + Cisco Security Desktop Software | 1 |

| Part No | Description | QTY |
|---|---|---|
| ASA5520-BUN-K9 | ASA 5520 Appliance with SW HA 4GE+1FE 3DES/AES | 2 |
| CON-SNT-AS2BUNK9 | SMARTNET 8X5XNBD ASA5520 w/300 VPN Prs 4GE+1FE3DES/AES | 2 |
| ASA5520-VPN-PL | ASA 5520 VPN Plus 750 IPsec User License (7.0 Only) | 2 |
| ASA-VPN-CLNT-K9 | Cisco VPN Client Software (Windows Solaris Linux Mac) | 2 |
| SF-ASA-8.2-K8 | ASA 5500 Series Software v8.2 | 2 |
| CAB-ACU | AC Power Cord (UK) C13 BS 1363 2.5m | 2 |
| ASA-180W-PWR-AC | ASA 180W AC Power Supply | 2 |
| ASA5500-ENCR-K9 | ASA 5500 Strong Encryption License (3DES/AES) | 2 |
| ASA-ANYCONN-CSD-K9 | ASA 5500 AnyConnect Client + Cisco Security Desktop Software | 2 |
| SSM-BLANK | ASA/IPS SSM Slot Cover | 2 |

Thanks in advance.
Rashed Ward.
02-24-2013 10:07 AM
Why don't you look at these tables:
"and what is the difference between IPS and IDS, does the same module do both functions?"
What's the difference between IPS and IDS in general - you can google for that information. From the ASA modules' point of view - it'll always be an IPS system.
02-24-2013 09:52 PM
Dear Andrew,
Thanks for your reply. My requirement is to support IDS, not IPS. As I understood, the ASA modules are IPSs, but I need IDS.
What is the Cisco module that supports IDS?
Best regards,
Rashed.
02-24-2013 10:07 PM
Ok, I was not quite correct in my first post.
Those modules are the only modules available for the corresponding ASA models.
They all may act as IPS (inline mode) or IDS (promiscuous mode), depending on how you configure your policies.
When it acts as an IPS, the ASA directs all traffic through the module, so all the traffic is inspected and can be dropped inline if some signature fires.
When it acts as an IDS, the ASA just copies traffic to the module for inspection, but the actual traffic flow is not affected by the module, as it's not inline in this case.
Plus, those modules may use a combination of both modes, i.e. some traffic might be inspected inline, while some other (more sensitive) traffic can be inspected in promiscuous mode.
To understand this better, get familiar with this link:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/modules_ips.html
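
The mixed inline/promiscuous setup described in the reply above, sketched as an ASA service policy. This is an added example, not configuration from the original thread; the ACL and class-map names and the 192.0.2.10 address are constructed placeholders.

```cisco
! Constructed example: names and addresses are placeholders, not from the thread.
! Traffic to a sensitive server that must never be dropped by the module.
access-list IPS-PROMISC-ACL extended permit tcp any host 192.0.2.10 eq 443

class-map IPS-PROMISC-CLASS
 match access-list IPS-PROMISC-ACL

! Everything else.
class-map IPS-INLINE-CLASS
 match any

policy-map global_policy
 ! A packet matches only the first class that applies for the ips feature,
 ! so the narrower promiscuous class must come before the catch-all.
 class IPS-PROMISC-CLASS
  ! IDS behaviour: the ASA sends a copy to the module; the flow is not held up.
  ! fail-open: keep forwarding if the module is unavailable.
  ips promiscuous fail-open
 class IPS-INLINE-CLASS
  ! IPS behaviour: traffic passes through the module and can be dropped there.
  ! fail-close: block this traffic if the module is unavailable.
  ips inline fail-close

service-policy global_policy global
```

For an IDS-only deployment, as asked in the question, a single `match any` class with `ips promiscuous fail-open` is enough. `show service-policy ips` then shows which mode each class is using.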