[c-nsp] ASA/AIP-SSM-10 to replace a IDS-42xx
freimer at ctiusa.com
Fri Oct 19 11:39:42 EDT 2007
You can put the ASA in transparent mode so that you don't have to
"route" through it, but the traffic does have to pass through the
device. The external Ethernet interface on the AIP is strictly
for management only...
Fred Reimer, CISSP
Senior Network Engineer
Coleman Technologies, Inc.
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
jcovini at free.fr
Sent: Friday, October 19, 2007 11:16 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] ASA/AIP-SSM-10 to replace a IDS-42xx
Is it possible to use an ASA with a AIP-SSM-10 like a "simple"
IDS sensor ? Idea
is to span a vlan on a switchport, then connect and use the
interface featured on the AIP-SSM-10 module to sniff traffic and
No IPS functionnality is needed.
Is such a way of using AIP-SSM sensor possible ? Or, do I have to
traffic thru the underlying ASA appliance absolutely ?
Basically, I don't want to add a routing/firewall instance on my
network. Just a
cisco-nsp mailing list cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5188 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20071019/4006ed01/attachment.bin
More information about the cisco-nsp