Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
612
Views
0
Helpful
2
Replies

Multicontext ASA > single context AIP-SSM

rhermes
Level 7
Level 7

‎12-02-2008 10:11 AM - edited ‎03-10-2019 04:24 AM

Can I pass traffic from multiple firewall contexts in an ASA to a single context AIP-SSM module in-line mode?

Would that use multiple VLAN pairs to keep the traffic seperate?

Labels:
0 Helpful
2 Replies 2

wong34539
Level 6
Level 6

‎12-08-2008 09:34 AM

I think it is possible to send AIP SSM traffic to ASA in inline mode. This mode places the AIP SSM directly in the traffic flow . No traffic that you identified for IPS inspection can continue through the adaptive security appliance without first passing through, and being inspected by, the AIP SSM. This mode is the most secure because every packet that you identify for inspection is analyzed before being allowed through. Also, the AIP SSM can implement a blocking policy on a packet-by-packet basis. This mode, however, can affect throughput.

0 Helpful

rhermes
Level 7
Level 7
In response to wong34539

‎12-09-2008 08:33 AM

Thank you for taking the time to answer, but I was asking about the use of MULTI-context ASA firewalls. They are multiple virtual firewalls that reside inside the same physical ASA. Can a single context IPS sensor module (AIP-SSM) perform promiscious or in-line inspection on packets to and from multiple virtual firewalls?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card