55-2
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 55 Configuring the Content Security and Control Application on the CSC SSM
Information About the CSC SSM
In this example, the client could be a network user who is accessing a website, downloading files from
an FTP server, or retrieving mail from a POP3 server. SMTP scans differ in that you should configure
the adaptive security appliance to scan traffic sent from the outside to SMTP servers protected by the
adaptive security appliance.
Figure 55-1 Flow of Scanned Traffic with CSC SSM
You use ASDM for system setup and monitoring of the CSC SSM. For advanced configuration of content
security policies in the CSC SSM software, you access the web-based GUI for the CSC SSM by clicking
links within ASDM. The CSC SSM GUI appears in a separate web browser window. To access the CSC
SSM, you must enter the CSC SSM password. To use the CSC SSM GUI, see the Cisco Content Security
and Control (CSC) SSM Administrator Guide.
Note ASDM and the CSC SSM maintain separate passwords. You can configure their passwords to be
identical; however, changing one of these two passwords does not affect the other password.
The connection between the host running ASDM and the adaptive security appliance is made through a
management port on the adaptive security appliance. The connection to the CSC SSM GUI is made
through the SSM management port. Because these two connections are required to manage the CSC
SSM, any host running ASDM must be able to reach the IP address of both the adaptive security
appliance management port and the SSM management port.
Figure 55-2 shows an adaptive security appliance with a CSC SSM that is connected to a dedicated
management network. While use of a dedicated management network is not required, we recommend it.
In this configuration, the following items are of particular interest:
• An HTTP proxy server is connected to the inside network and to the management network. This
HTTP proxy server enables the CSC SSM to contact the Trend Micro Systems update server.
• The management port of the adaptive security appliance is connected to the management network.
To allow management of the adaptive security appliance and the CSC SSM, hosts running ASDM
must be connected to the management network.
• The management network includes an SMTP server for e-mail notifications for the CSC SSM and a
syslog server to which the CSC SSM can send syslog messages.
148386
Adaptive
Security Appliance
Main System
Request sent
Client
Reply forwarded
inside
modular
service
policy
Request forwarded
Reply sent
CSC SSM
Server
Diverted Traffic
content security scan
outside
To Next Page
Loading...
Need help?
General
