Cisco Cisco IPS 4255 Sensor 백서

White Paper

Page 4 of 6

in the processing path and is basically disabled. This means that from the AIP-SSM’s perspective,

anything that gets passed to it for analysis has been cleared by the appliance as being valid and

correct. As long as the high-availability solution is functioning correctly, all session state will be

shared to the passive Cisco ASA appliance so when a failover event occurs, the backup appliance

takes over session management and packets start flowing through it without issue. The AIP-SSM,

without any current signature state, starts performing analysis in midstream for all streams without

an issue. The only portion of data that is lost is signature state for those flows in progress. The

possible exposure is limited to an attacker being able to force a failover event. If an attacker can

do this, they can cause a complete DoS by bringing down both active and passive firewalls.

Configuration of the AIP-SSMs should be as close as possible to each other as they will perform

the same job. Things like signature config, virtual sensor setup, filters, and overrides should all be

similar, if not exactly the same. This helps to ensure that their behavior is the same.

Failover Pair in Active-Active Situation

The next scenario is much more complex, and involves a Cisco ASA failover pair deployed into an

active/active asymmetric situation (Figure 3).

Figure 3. Failover Pair in Active-Active Deployment

In this deployment, because traffic can leave the network using network A-1 and come back using

network A-2, different physical Cisco ASA appliances are involved in the primary packet path. To

solve this issue, the appliance should be configured using active-active asymmetric routing mode.

This deployment involves building two contexts on each Cisco ASA appliance, where context 1 on

Cisco ASA 1 is the active context for network A-1 and context 2 on Cisco ASA 1 is the passive