Cisco Systems OL-16647-01 Network Router User Manual


28-2
Cisco ASDM User Guide
OL-16647-01
Chapter 28 Configuring IPS
AIP SSM Overview
How the AIP SSM Works with the Adaptive Security Appliance
The AIP SSM runs a separate application from the adaptive security appliance. It is, however, integrated
into the adaptive security appliance traffic flow. The AIP SSM does not contain any external interfaces
itself, other than a management interface. When you identify traffic for IPS inspection on the adaptive
security appliance, traffic flows through the adaptive security appliance and the AIP SSM in the
following way:
1. Traffic enters the adaptive security appliance.
2. Firewall policies are applied.
3. Traffic is sent to the AIP SSM over the backplane.
   See the “Operating Modes” section on page 28-2 for information about only sending a copy of the
   traffic to the AIP SSM.
4. The AIP SSM applies its security policy to the traffic, and takes appropriate actions.
5. Valid traffic is sent back to the adaptive security appliance over the backplane; the AIP SSM might
block some traffic according to its security policy, and that traffic is not passed on.
6. VPN policies are applied (if configured).
7. Traffic exits the adaptive security appliance.
Figure 28-1 shows the traffic flow when running the AIP SSM in inline mode. In this example, the AIP
SSM automatically blocks traffic that it identified as an attack. All other traffic is forwarded through the
security appliance.
Figure 28-1 AIP SSM Traffic Flow in the Adaptive Security Appliance: Inline Mode
Operating Modes
You can send traffic to the AIP SSM using one of the following modes:
Inline mode—This mode places the AIP SSM directly in the traffic flow (see Figure 28-1). No traffic
that you identified for IPS inspection can continue through the adaptive security appliance without
first passing through, and being inspected by, the AIP SSM. This mode is the most secure because
every packet that you identify for inspection is analyzed before being allowed through. Also, the AIP
SSM can implement a blocking policy on a packet-by-packet basis. This mode, however, can affect
throughput.
[Figure 28-1 diagram labels: Security Appliance, Main System, inside, outside, Backplane, Firewall Policy, VPN Policy, AIP SSM, Diverted Traffic, IPS inspection, Block]
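The inline-mode traffic identification described above, written as the equivalent adaptive security appliance CLI configuration. This is an added example, not taken from this guide: the access-list, class-map and policy-map names and the subnet are hypothetical, and the `fail-close` / `fail-open` keyword that the `ips` command requires is not discussed in this section.

```cisco
! Added example: IPS-TRAFFIC, ips-class, ips-policy and 10.1.1.0/24 are hypothetical.
! Step 1: identify the traffic for IPS inspection (here, everything from one inside subnet).
access-list IPS-TRAFFIC extended permit ip 10.1.1.0 255.255.255.0 any
!
class-map ips-class
 match access-list IPS-TRAFFIC
!
policy-map ips-policy
 class ips-class
  ! Inline mode: matched packets are sent to the AIP SSM over the backplane
  ! and must pass its security policy before they continue.
  ! fail-close drops matched traffic if the AIP SSM is unavailable;
  ! fail-open would pass it uninspected instead.
  ips inline fail-close
!
! Step 2: apply the policy to the interface where the traffic enters.
service-policy ips-policy interface inside
```

Only traffic matching the class is diverted to the AIP SSM, so the access list defines what the IPS actually sees. Review it whenever subnets or services behind the appliance change.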