Cisco 5510 Getting Started Guide - Page 168
Understanding the AIP SSM, How the AIP SSM Works with the Adaptive Security Appliance
UPC - 882658094767
View all Cisco 5510 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 168 highlights
Understanding the AIP SSM Chapter 13 Configuring the AIP SSM Understanding the AIP SSM This section includes the following topics: • How the AIP SSM Works with the Adaptive Security Appliance, page 13-2 • Operating Modes, page 13-3 • Using Virtual Sensors, page 13-4 How the AIP SSM Works with the Adaptive Security Appliance The AIP SSM runs a separate application from the adaptive security appliance. It is, however, integrated into the adaptive security appliance traffic flow. The AIP SSM does not contain any external interfaces itself, other than a management interface. When you identify traffic for IPS inspection on the adaptive security appliance, traffic flows through the adaptive security appliance and the AIP SSM in the following way: 1. Traffic enters the adaptive security appliance. 2. Firewall policies are applied. 3. Traffic is sent to the AIP SSM over the backplane. See the "Operating Modes" section on page 13-3 for information about only sending a copy of the traffic to the AIP SSM. 4. The AIP SSM applies its security policy to the traffic, and takes appropriate actions. 5. Valid traffic is sent back to the adaptive security appliance over the backplane; the AIP SSM might block some traffic according to its security policy, and that traffic is not passed on. 6. VPN policies are applied (if configured). 7. Traffic exits the adaptive security appliance. Figure 13-1 shows the traffic flow when running the AIP SSM in inline mode. In this example, the AIP SSM automatically blocks traffic that it identified as an attack. All other traffic is forwarded through the adaptive security appliance. 13-2 Cisco ASA 5500 Series Getting Started Guide 78-19186-01