Chapter 13 Configuring the AIP SSM
Understanding the AIP SSM
13-2
Cisco ASA 5500 Series Getting Started Guide
78-19186-01
Understanding the AIP SSM
This section includes the following topics:
• How the AIP SSM Works with the Adaptive Security Appliance, page 13-2
• Operating Modes, page 13-3
• Using Virtual Sensors, page 13-4
How the AIP SSM Works with the Adaptive Security Appliance
The AIP SSM runs a separate application from the adaptive security appliance. It
is, however, integrated into the adaptive security appliance traffic flow. The AIP
SSM does not contain any external interfaces itself, other than a management
interface. When you identify traffic for IPS inspection on the adaptive security
appliance, traffic flows through the adaptive security appliance and the AIP SSM
in the following way:
1. Traffic enters the adaptive security appliance.
2. Firewall policies are applied.
3. Traffic is sent to the AIP SSM over the backplane.
See the “Operating Modes” section on page 13-3 for information about only
sending a copy of the traffic to the AIP SSM.
4. The AIP SSM applies its security policy to the traffic, and takes appropriate
actions.
5. Valid traffic is sent back to the adaptive security appliance over the
backplane; the AIP SSM might block some traffic according to its security
policy, and that traffic is not passed on.
6. VPN policies are applied (if configured).
7. Traffic exits the adaptive security appliance.
Figure 13-1 shows the traffic flow when running the AIP SSM in inline mode. In
this example, the AIP SSM automatically blocks traffic that it identified as an
attack. All other traffic is forwarded through the adaptive security appliance.
To Next Page
Loading...
Need help?
General
