How The Aip Ssm Works With The Adaptive Security Appliance; Operating Modes - Cisco PIX 500 Series Configuration Manual
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
Managing the AIP SSM
•
•
How the AIP SSM Works with the Adaptive Security Appliance
The AIP SSM runs a separate application from the adaptive security appliance. It is, however, integrated
into the adaptive security appliance traffic flow. The AIP SSM does not contain any external interfaces
itself, other than a management interface. When you identify traffic for IPS inspection on the adaptive
security appliance, traffic flows through the adaptive security appliance and the AIP SSM in the
following way:
1.
2.
3.
4.
5.
6.
7.
Figure 22-1
SSM automatically blocks traffic that it identified as an attack. All other traffic is forwarded through the
security appliance.
Figure 22-1
Operating Modes
You can send traffic to the AIP SSM using one of the following modes:
•
Cisco Security Appliance Command Line Configuration Guide
22-2
Using Virtual Sensors, page 22-3
AIP SSM Procedure Overview, page 22-4
Traffic enters the adaptive security appliance.
Firewall policies are applied.
Traffic is sent to the AIP SSM over the backplane.
See the
"Operating Modes" section on page 22-2
traffic to the AIP SSM.
The AIP SSM applies its security policy to the traffic, and takes appropriate actions.
Valid traffic is sent back to the adaptive security appliance over the backplane; the AIP SSM might
block some traffic according to its security policy, and that traffic is not passed on.
VPN policies are applied (if configured).
Traffic exits the adaptive security appliance.
shows the traffic flow when running the AIP SSM in inline mode. In this example, the AIP
AIP SSM Traffic Flow in the Adaptive Security Appliance: Inline Mode
Security Appliance
Main System
VPN
inside
Policy
Diverted Traffic
IPS inspection
AIP SSM
Inline mode—This mode places the AIP SSM directly in the traffic flow (see
that you identified for IPS inspection can continue through the adaptive security appliance without
first passing through, and being inspected by, the AIP SSM. This mode is the most secure because
Chapter 22
for information about only sending a copy of the
Firewall
Policy
outside
Backplane
Block
Managing the AIP SSM and CSC SSM
Figure
22-1). No traffic
OL-12172-03
Advertisement
Table of Contents
Troubleshooting
