12-11-2007 11:17 AM - edited 03-09-2019 07:36 PM
I purchased an ASA 5510 with SSM module for IPS to get in PCI compliance. I'm setting up the SSM and I don't know if I should use inline or promiscuous mode to monitor traffic. I'm afraid I'll slow things down if I do inline, but I'm not sure if promiscuous mode is enough to satisfy PCI standards. Does anyone know which can or must be used?
12-11-2007 09:10 PM
I believe you have to use inline mode, but I'm not 100% on this. I have the PCI compliance file that I can forward to you if you want to send me an email.
What is your bandwidth connection? The 5510 w/ the SSM can handle 150 Mbps. In terms of added latency, check it out for yourself, but I bet it's only an "ms" or two.
Here is a sample config for you as well:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml
I have a copy of Cisco's PCI compliance DOC from Paul Serbin (Cisco Security SE for the southwest region) somewhere in my email, but for whatever reason, I can't find it. If you want, shoot me an email, and after I dig it up, I will forward it to you. It has the exact requirements of Cisco hardware to meet PCI compliance.
-brad
(please rate the post if this helps!)
12-11-2007 10:30 PM
Here ya go:
http://www.ccbootcamp.com/pci/design-guide.pdf
http://www.ccbootcamp.com/pci/CISPVISA.pdf
-brad
(please RATE the post if this helps!)
(Maybe the moderator can make this a sticky!)