[c-nsp] ASA/AIP-SSM-10 to replace a IDS-42xx

jcovini at free.fr jcovini at free.fr
Fri Oct 19 11:15:46 EDT 2007


Hi,

Is it possible to use an ASA with a AIP-SSM-10 like a "simple" IDS sensor ? Idea
is to span a vlan on a switchport, then connect and use the physical GE
interface featured on the AIP-SSM-10 module to sniff traffic and report alerts.
No IPS functionnality is needed.

Is such a way of using AIP-SSM sensor possible ? Or, do I have to filter the
traffic thru the underlying ASA appliance absolutely ?

Basically, I don't want to add a routing/firewall instance on my network. Just a
transparent IDS.

-jc


More information about the cisco-nsp mailing list