Cisco Cisco IPS 4255 Sensor Informationshandbuch
Q&A
All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 2 of 5
Q.
What configurations are available for the Cisco ASA AIP-SSM-40?
A.
The Cisco ASA AIP-SSM-40 is available in two base configurations: installed in the Cisco ASA
5520 or 5540 Adaptive Security Appliance.
Q.
How does the Cisco ASA AIP-SSM plug into and communicate with the appliance?
A.
The Cisco ASA AIP-SSM plugs directly into the SSM slot in the Cisco ASA appliance’s
chassis. This provides a direct connection to the appliance’s backplane. Once the module is
installed, a proprietary protocol runs over the bus and controls data flow and messaging
between the module and appliance.
Q.
How does a user communicate with the Cisco ASA AIP-SSM-40?
A.
The Cisco ASA AIP-SSM-40 has an external interface that needs to be plugged into the
appropriate part of the network, based on the IP addressing information that was assigned to
the Cisco IPS Sensor Software on the module. While configuration can be done using Cisco
Adaptive Security Device Manager (ASDM), behind the scenes, Cisco ASDM is actually
connecting to the module’s address to perform configuration activities.
Q.
For several years, Cisco has recommended a “defense-in-depth” approach, in which
the firewall filters evaluate traffic before it is passed on to the IPS device for further
inspection. Since I have IPS and firewall in the same device, how can I ensure that
traffic is inspected for threats in the correct sequence?
A.
Using the Cisco ASA AIP-SSM solution, all firewall filtering features happen before IPS
inspection. Essentially, the recommendation described above is in place by default using this
solution.
Q.
If I’m using encrypted tunnels terminating on a Cisco ASA device, can I inspect the
encrypted data using the AIP-SSM-40?
A.
Yes. When the AIP-SSM-40 is installed in the Cisco ASA appliance, encrypted tunnels are
terminated and then data is decrypted before being passed through the appliance device. This
helps ensure that data that was encrypted is inspected before being routed out a Cisco ASA
interface to its final destination.
Device Management
Q.
How is the Cisco ASA AIP-SSM-40 managed?
A.
The Cisco ASA AIP-SSM-40 is managed by Cisco IPS Manager Express, a new IPS
management software tool that is part of Cisco IPS Software Version 6.1. Cisco IPS Manager
Express allows full management of IPS devices as well as advanced IPS alert reporting and
sensor health management.
Q.
How difficult is it to install and configure the Cisco ASA AIP-SSM-40?
A.
The installation is an intuitive, six-step process.
1. Plug the AIP-SSM-40 card into your Cisco ASA 5520 or 5540 appliance.
2. Connect the management IP interface from the AIP-SSM-40 to your network.
3. Session into the AIP-SSM-40 from the appliance.
4. Run Setup and answer the prompts from the IPS setup wizard.
5. Launch Cisco ASDM and install the license and current IPS signatures list.
6. Create a security policy on the appliance, defining the traffic you would like to have inspected
and in which manner (IDS or IPS).