[c-nsp] ASA/AIP-SSM-10 to replace a IDS-42xx

jcovini at free.fr jcovini at free.fr
Fri Oct 19 12:04:54 EDT 2007


I quickly looked for some docs about transparent mode, and the fact that it implies using
only two interfaces - inside and outside.
... if I want to do only IDS, not IPS, i.e. if I only want threat reporting and
not necessarily to filter or block a given malicious connection, do you think it's
possible to plug only one interface into some (r)span switchport?


Selon Fred Reimer <freimer at ctiusa.com>:

> You can put the ASA in transparent mode so that you don't have to
> "route" through it, but the traffic does have to pass through the
> device.  The external Ethernet interface on the AIP is strictly
> for management only...
>
>
>
> Fred Reimer, CISSP
> Senior Network Engineer
> Coleman Technologies, Inc.
> 954-298-1697
>
>
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> jcovini at free.fr
> Sent: Friday, October 19, 2007 11:16 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] ASA/AIP-SSM-10 to replace a IDS-42xx
>
> Hi,
>
> Is it possible to use an ASA with an AIP-SSM-10 like a "simple"
> IDS sensor? The idea is to span a VLAN on a switchport, then connect
> and use the physical GE interface featured on the AIP-SSM-10 module
> to sniff traffic and report alerts.
> No IPS functionality is needed.
>
> Is such a way of using the AIP-SSM sensor possible? Or do I absolutely
> have to filter the traffic through the underlying ASA appliance?
>
> Basically, I don't want to add a routing/firewall instance on my
> network. Just a transparent IDS.
>
> -jc