Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
727
Views
0
Helpful
3
Replies

Intrusion prevention AND content security with ASA

captkloss
Level 1
Level 1

‎08-19-2011 05:39 AM - edited ‎03-11-2019 02:14 PM

Hello, from what i'm reading,  with ASA5520-5540 i cant have both at the same time... what is the right way of securing my network with both solutions? Do i put two 5520s "in-line" one with CSC-SSM and another one with AIP-SSM?

Thanks!

Labels:
0 Helpful
3 Replies 3

varrao
Level 10
Level 10

‎08-19-2011 05:48 AM

A few suggestion here:

On the ASA 5520, it would not be possible to use both the IPS and CSC module, since:

You do not have two slots it.

If you have two ASA 5520's, then you can achive this, you can have one firewall doing the filtering with CSC and the other with Intrusion prevention. That is very much feasible. But the two ASA should not be failover.

Another outside workaround:

If you have an IPS appliance instead of the module, then you can first filter the traffic through the IPS appliance, send it to the ASA, which would redirect the traffic to the CSC module.

Hope this helps you.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

captkloss
Level 1
Level 1
In response to varrao

‎08-19-2011 07:18 AM

it's getting so convoluted - so essentially i need 4 x 5520 to get a secure/redundant internet access... pretty close cost wise to just getting 2 x 5585-x with SSP and IPS SSP...

0 Helpful

varrao
Level 10
Level 10
In response to captkloss

‎08-19-2011 07:21 AM

Well yes, if you need complete redundancy for your network. I now its a tough situation to be in. You can contact your Accounts Team for any other viable option for it.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card