Cisco ASA 5512-X Adaptive Security Appliance Technical Manual

Introduction
This document provides a sample configuration that shows how to send network traffic from the Cisco ASA 5500
Series Adaptive Security Appliance (ASA) to the Content Security and Control Security Services Module
(CSC-SSM).
The CSC-SSM provides protection against viruses, spyware, spam, and other unwanted traffic. It
accomplishes this by scanning the FTP, HTTP, POP3, and SMTP traffic that is diverted to it by the adaptive
security appliance. In order to force the ASA to divert the traffic to the CSC-SSM, you need to use the Modular
Policy Framework.
Refer to ASA: Send Network Traffic from the ASA to the AIP SSM Configuration Example in order to send
network traffic that passes through the Cisco ASA 5500 Series Adaptive Security Appliance (ASA) to the
Advanced Inspection and Prevention Security Services Module (AIP-SSM) (IPS) module.
Note: The CSC-SSM can scan FTP, HTTP, POP3, and SMTP traffic only when the destination port of the
packet that requests the connection is the well-known port for the specified protocol. The CSC-SSM can scan
only these connections:
• FTP connections opened to TCP port 21
• HTTP connections opened to TCP port 80
• POP3 connections opened to TCP port 110
• SMTP connections opened to TCP port 25
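As an added example (not part of the original Cisco document), this minimal Modular Policy Framework configuration diverts only the four scannable connection types to the CSC-SSM, so that traffic the module cannot scan is not sent to it. The names csc_divert, csc_class and csc_policy, the inside interface, and the choice of fail-close are assumptions.

```text
! Added example; object names and the "inside" interface are assumptions.
! Match only connections whose destination port is one the CSC-SSM can scan.
access-list csc_divert extended permit tcp any any eq 21
access-list csc_divert extended permit tcp any any eq 80
access-list csc_divert extended permit tcp any any eq 110
access-list csc_divert extended permit tcp any any eq 25
!
! Traffic class built from the access list above.
class-map csc_class
 match access-list csc_divert
!
! Divert the class to the CSC-SSM.
! fail-close blocks matching traffic when the module is unavailable;
! fail-open would let it pass unscanned instead.
policy-map csc_policy
 class csc_class
  csc fail-close
!
! Apply the policy to traffic that enters the inside interface.
service-policy csc_policy interface inside
```

Because matching is by destination port, a connection for one of these protocols on a non-standard port (for example, HTTP on TCP port 8080) is not covered by this policy and would not be scanned by the CSC-SSM in any case.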
Prerequisites
Requirements
Ensure that you meet these requirements before you attempt this configuration:
• A basic understanding of how to configure a Cisco ASA 5500 Series appliance that runs software version 7.1 and
later.
• The CSC-SSM has been installed.
Components Used
The information in this document is based on these software and hardware versions:
• ASA 5520 with software version 7.1 and later
• CSC-SSM-10 with software version 6.1
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
Conventions
Refer to the Cisco Technical Tips Conventions for more information on document conventions.