Cisco IPS 4255 Sensor White Paper
White Paper
All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
context for network A-2. The opposite setup is done for Cisco ASA 2. Packet flow then looks like
Figure 4.
Figure 4. Packet Flow
Because each appliance context pair handles only the traffic for which it is primary, each
appliance context’s state tables are kept synchronized and up to date. None of this really matters
to the AIP-SSM, because even in this deployment the AIP configuration portion is relatively easy.
Once the modules are inserted and initialized, an important decision needs to be made: because the
Cisco ASA appliances are using multiple virtual contexts, should one or two virtual sensor policies
be created and used? If one policy is desired, all packets from both contexts on the appliance
will be sent to that same virtual sensor. If multiple virtual sensors are created, the packets
from each context can go to their own virtual sensor for analysis. If the decision is made to
create multiple virtual sensor “policies” on one AIP-SSM, a similar configuration should be
created on the other AIP-SSM so that the two mirror each other. Other than the virtual sensor
creation decisions, the rest of the configuration is fairly straightforward. From the AIP-SSM’s
standpoint, this deployment is no different from the active-passive deployment: all packets for a
flow traverse the same appliance and context, so complete flow visibility is maintained. If a
failover event occurs, session state is maintained by the appliance, and new and ongoing sessions
are passed to the “backup” AIP-SSM without issue. That AIP-SSM starts analysis of the flows as it
sees them.
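The per-context virtual sensor choice described above, sketched as Cisco ASA configuration. This is an added example, not configuration from the white paper: the context names (ctx-a, ctx-b), the sensor names (vs1, vs2), the ACL and class names, and the inline/fail-open choice are all assumptions.

```text
! Constructed example. ctx-a, ctx-b, vs1, vs2, IPS-TRAFFIC and IPS-CLASS
! are hypothetical names; inline mode and fail-open are assumed choices.

! --- System execution space: give each context its own virtual sensor ---
context ctx-a
 allocate-ips vs1
context ctx-b
 allocate-ips vs2

! --- Inside context ctx-a (changeto context ctx-a) ---
access-list IPS-TRAFFIC extended permit ip any any
class-map IPS-CLASS
 match access-list IPS-TRAFFIC
policy-map global_policy
 class IPS-CLASS
  ! Packets from this context are analyzed by virtual sensor vs1
  ips inline fail-open sensor vs1

! --- Inside context ctx-b (changeto context ctx-b) ---
access-list IPS-TRAFFIC extended permit ip any any
class-map IPS-CLASS
 match access-list IPS-TRAFFIC
policy-map global_policy
 class IPS-CLASS
  ! Packets from this context are analyzed by virtual sensor vs2
  ips inline fail-open sensor vs2

! --- Single-policy alternative (system execution space) ---
! Allocate the same virtual sensor to both contexts so that all packets
! from both contexts reach one sensor policy:
! context ctx-a
!  allocate-ips vs1
! context ctx-b
!  allocate-ips vs1
```

The virtual sensors named here would need to be defined on the AIP-SSM itself, and, as the text says, defined the same way on the other AIP-SSM so that analysis is consistent after a failover.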