Cisco IPS-4255-K9 Installation Guide - Page 41
AIP SSM-40, Supports 650 Mbps IPS throughput on ASA 5540 - private server
UPC - 746320951096
View all Cisco IPS-4255-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 41 highlights
Chapter 1 Introducing the Sensor • ASA-SSM-AIP-20-K9 - Supports 375 Mbps of IPS throughput when installed in ASA 5520 - Supports 500 Mbps of IPS throughput when installed in ASA 5540 • ASA-SSM-AIP-40-K9 - Supports 450 Mbps of IPS throughput on the ASA 5520 - Supports 650 Mbps IPS throughput on ASA 5540 Figure 1-7 shows the AIP SSM-40. Figure 1-7 AIP SSM-40 IPS Modules 270535 LNK 0 SPD CISCO ASA SSM- 40 STATUS POWER The AIP SSM runs in either inline mode or promiscuous mode. The adaptive security appliance diverts packets to the AIP SSM just before the packet exits the egress interface (or before VPN encryption occurs, if configured) and after other firewall policies are applied. For example, packets that are blocked by an access list are not forwarded to the AIP SSM. In promiscuous mode, the IPS receives packets over the GigabitEthernet interface, examines them for intrusive behavior, and generates alerts based on a positive result of the examination. In inline mode, there is the additional step of sending all packets, which did not result in an intrusion, back out the GigabitEthernet interface. Figure 1-8 on page 1-24 shows the adaptive security appliance with the AIP SSM in a typical DMZ configuration. A DMZ is a separate network located in the neutral zone between a private (inside) network and a public (outside) network. The web server is on the DMZ interface, and HTTP clients from both the inside and outside networks can access the web server securely. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-23