13-1
Cisco ASA 5500 Series Getting Started Guide
78-19186-01
C H A P T E R
13
Configuring the AIP SSM
The optional AIP SSM runs advanced IPS software that provides further security
inspection either in inline mode or promiscuous mode. The adaptive security
appliance diverts packets to the AIP SSM just before the packet exits the egress
interface (or before VPN encryption occurs, if configured) and after other firewall
policies are applied. For example, packets that are blocked by an access list are
not forwarded to the AIP SSM.
If you purchased an AIP SSM, use the procedures in this chapter to:
•
Configure the adaptive security appliance to identify traffic to be diverted to
the AIP SSM
•
Session in to the AIP SSM and run setup
Note
The AIP SSM is supported in the Cisco ASA 5500 series software versions 7.0(1)
and later.
You can install the AIP SSM into an ASA 5500 series adaptive security appliance.
The AIP SSM runs advanced IPS software that provides a proactive, full-featured
Intrusion Prevention System to stop malicious traffic, including worms and
network viruses, before they can affect your network. This chapter includes the
following sections:
•
How the AIP SSM Works with the Adaptive Security Appliance, page 13-2
•
Configuring the AIP SSM, page 13-6
•
What to Do Next, page 13-14