cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
604
Views
0
Helpful
3
Replies

Inspecting traffic one way

brobinson
Level 1
Level 1

Hi, is there a way on IPS v6.1 to only inspect traffic in one direction? Implementation is pair interfaces. Thanks!

3 Replies 3

sadbulali
Level 4
Level 4

You can configure AIP-SSM to inspect traffic in inline or promiscuous mode and in fail-open or fail-over mode.On the adaptive security appliance, to identify traffic to be diverted to and inspected by AIP-SSM:

1. Create or use an existing ACL.

2. Use the class-map command to define the IPS traffic class.

3. Use the policy-map command to create an IPS policy map by associating the traffic class with one or more actions.

4. Use the service-policy command to create an IPS security policy by associating the policy map with one or more interfaces.The AIP SSM runs advanced IPS software that provides proactive, full-featured intrusion prevention services to stop malicious traffic, including worms and network viruses, before they can affect your network. This section includes the following topics:

http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_ssm.html#wp1046877

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ssm.html

rhermes
Level 7
Level 7

There is a setting for "loose" TCP processing that is supposed to allow the sensor to watch only half of a TCP conversation, but we found it didn'twork very well and CPU unexpectedly increased significantly as a result.

Thanks for all the replies! Good info. : )

Review Cisco Networking for a $25 gift card