55-3
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 55 Configuring the Content Security and Control Application on the CSC SSM
Information About the CSC SSM
Figure 55-2 CSC SSM Deployment with a Management Network
Determining What Traffic to Scan
The CSC SSM can scan FTP, HTTP, POP3, and SMTP traffic only when the destination port of the
packet requesting the connection is the well-known port for the specified protocol. The CSC SSM can
scan only the following connections:
• FTP connections opened to TCP port 21.
• HTTP connections opened to TCP port 80.
• POP3 connections opened to TCP port 110.
• SMTP connections opened to TCP port 25.
You can choose to scan traffic for all of these protocols or any combination of them. For example, if you
do not allow network users to receive POP3 e-mail, do not configure the adaptive security appliance to
divert POP3 traffic to the CSC SSM. Instead, block this traffic.
To maximize performance of the adaptive security appliance and the CSC SSM, divert only the traffic to
the CSC SSM that you want the CSC SSM to scan. Diverting traffic that you do not want scanned, such
as traffic between a trusted source and destination, can adversely affect network performance.
Note When traffic is first classified for CSC inspection, it is flow-based. If traffic is part of a pre-existing
connection, the traffic goes directly to the service policy set for that connection.
You can apply service policies that include CSC scanning globally or to specific interfaces; therefore,
you can choose to enable CSC scans globally or for specific interfaces. For more information, see the
“Determining Service Policy Rule Actions for CSC Scanning” section on page 55-9.
148387
192.168.100.1
192.168.50.1
Notifications
SMTP Server
192.168.50.38
SSM
management
port
10.6.13.67
Trend Micro
Update Server
Adaptive Security
Appliance
Main System
inside
CSC SSM
outside
HTTP
Proxy
management port
ASDM
Syslog
Internet
To Next Page
Loading...
Need help?
General
