Cisco Systems IPS4520K9 Network Router User Manual


 
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1
OL-24002-01
Chapter 8 Installing and Removing the ASA 5500 AIP SSM
Product Overview
The Cisco ASA Advanced Inspection and Prevention Security Services Module (ASA 5500 AIP SSM) is
the IPS plug-in module in the Cisco ASA 5500 series adaptive security appliance. The adaptive security
appliance software integrates firewall, VPN, and intrusion detection and prevention capabilities in a
single platform.
The ASA 5500 AIP SSM monitors and performs real-time analysis of network traffic by looking for
anomalies and misuse based on an extensive, embedded signature library. When the ASA 5500 AIP SSM
detects unauthorized activity, it can terminate the specific connection, permanently block the attacking
host, log the incident, and send an alert to the device manager.
There are three models of the ASA 5500 AIP SSM:
  ASA-SSM-AIP-10-K9
    - Supports 150 Mbps of IPS throughput when installed in ASA 5510
    - Supports 225 Mbps of IPS throughput when installed in ASA 5520
  ASA-SSM-AIP-20-K9
    - Supports 375 Mbps of IPS throughput when installed in ASA 5520
    - Supports 500 Mbps of IPS throughput when installed in ASA 5540
  ASA-SSM-AIP-40-K9
    - Supports 450 Mbps of IPS throughput on the ASA 5520
    - Supports 650 Mbps of IPS throughput on the ASA 5540
Figure 8-1 shows the AIP SSM-40.
Figure 8-1 AIP SSM-40
The ASA 5500 AIP SSM runs in either inline or promiscuous mode. The adaptive security appliance
diverts packets to the ASA 5500 AIP SSM just before the packet exits the egress interface (or before
VPN encryption occurs, if configured) and after other firewall policies are applied. For example, packets
that are blocked by an access list are not forwarded to the ASA 5500 AIP SSM.
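The diversion described above is configured on the adaptive security appliance itself. The following is an added example, not taken from this guide: the names IPS_TRAFFIC, IPS_CLASS and IPS_POLICY are hypothetical, and the permit-any match is an assumption chosen for illustration.

```cisco
! Added example; object names are hypothetical.
! Select the traffic to divert to the AIP SSM. Packets already dropped
! by an interface access list never reach this policy.
access-list IPS_TRAFFIC extended permit ip any any
!
class-map IPS_CLASS
 match access-list IPS_TRAFFIC
!
policy-map IPS_POLICY
 class IPS_CLASS
  ! Inline mode: matched traffic passes through the module, which can
  ! drop it. fail-close drops matched traffic if the module is
  ! unavailable; fail-open would let it pass uninspected.
  ips inline fail-close
  !
  ! Promiscuous alternative: the module receives a copy of the traffic
  ! and cannot drop the original packet itself.
  ! ips promiscuous fail-open
!
! Apply the policy to all interfaces.
service-policy IPS_POLICY global
```

Choosing fail-close trades availability for enforcement: a module reload or failure stops the matched traffic instead of letting it through without inspection.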