Cisco Systems ASA 5500 Manual De Usuario
C H A P T E R
19-1
Cisco Security Appliance Command Line Configuration Guide
OL-8629-01
19
Managing the AIP SSM and CSC SSM
The Cisco ASA 5500 series adaptive security appliance supports a variety of SSMs. This chapter
describes how to configure the adaptive security appliance to support an AIP SSM or a CSC SSM,
including how to send traffic to these SSMs.
describes how to configure the adaptive security appliance to support an AIP SSM or a CSC SSM,
including how to send traffic to these SSMs.
For information about the 4GE SSM for the ASA 5000 series adaptive security appliance, see
Chapter 4,
“Configuring Ethernet Settings and Subinterfaces”
.
Note
The Cisco PIX 500 series security appliances does not support SSMs.
This chapter includes the following sections:
•
•
•
•
Managing the AIP SSM
This section contains the following topics:
•
•
•
•
About the AIP SSM
The ASA 5500 series adaptive security appliance supports the AIP SSM, which runs advanced
IPS software that provides further security inspection. The adaptive security appliance diverts packets
to the AIP SSM just before the packet exits the egress interface (or before VPN encryption occurs, if
configured) and after other firewall policies are applied. For example, packets that are blocked by an
access list are not forwarded to the AIP SSM.
IPS software that provides further security inspection. The adaptive security appliance diverts packets
to the AIP SSM just before the packet exits the egress interface (or before VPN encryption occurs, if
configured) and after other firewall policies are applied. For example, packets that are blocked by an
access list are not forwarded to the AIP SSM.