Cisco Systems ASA 5500 Home Security System User Manual


 
Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide
78-17611-01
Chapter 9 Configuring the AIP SSM
AIP SSM Configuration
To identify traffic to divert from the adaptive security appliance to the AIP SSM,
perform the following steps:
Step 1 Create an access list that matches all traffic:
hostname(config)# access-list acl-name permit ip any any
Step 2 Create a class map to identify the traffic that should be diverted to the AIP SSM.
Use the class-map command to do so, as follows:
hostname(config)# class-map class_map_name
hostname(config-cmap)#
where class_map_name is the name of the traffic class. When you enter the
class-map command, the CLI enters class map configuration mode.
Step 3 With the access list you created in Step 1, use a match access-list command to
identify the traffic to be scanned:
hostname(config-cmap)# match access-list acl-name
Step 4 Create a policy map or modify an existing policy map that you want to use to send
traffic to the AIP SSM. To do so, use the policy-map command, as follows:
hostname(config-cmap)# policy-map policy_map_name
hostname(config-pmap)#
where policy_map_name is the name of the policy map. The CLI enters the policy
map configuration mode and the prompt changes accordingly.
Step 5 Specify the class map, created in Step 2, that identifies the traffic to be scanned.
Use the class command to do so, as follows:
hostname(config-pmap)# class class_map_name
hostname(config-pmap-c)#
where class_map_name is the name of the class map you created in Step 2. The
CLI enters the policy map class configuration mode and the prompt changes
accordingly.
Step 6 Assign the traffic identified by the class map as traffic to be sent to the AIP SSM.
Use the ips command to do so, as follows:
hostname(config-pmap-c)# ips {inline | promiscuous} {fail-close | fail-open}
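
The chain built in Steps 1 through 6 (access list, class map, policy map, ips command) can be checked offline against saved show running-config text. The Python check below is an added example, not part of the Cisco guide: the names IPS_ACL, IPS_CLASS, IPS_POLICY and the function audit_ips_diversion are hypothetical, the sample configuration is constructed, and it assumes submode lines are indented as they are in running-config output.

```python
import re

# Constructed sample config; IPS_ACL, IPS_CLASS and IPS_POLICY are hypothetical names.
SAMPLE_CONFIG = """\
access-list IPS_ACL permit ip any any
class-map IPS_CLASS
 match access-list IPS_ACL
policy-map IPS_POLICY
 class IPS_CLASS
  ips inline fail-close
"""

IPS_RE = re.compile(r"ips (inline|promiscuous) (fail-close|fail-open)(?: |$)")

def audit_ips_diversion(config):
    """Return (diversions, problems) for the ACL -> class map -> policy map -> ips chain."""
    acls, class_acl, ips_lines = set(), {}, []
    cmap = pmap = pclass = None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():  # a top-level command leaves any submode
            cmap = pmap = pclass = None
        if words[0] == "access-list" and len(words) > 1:
            acls.add(words[1])
        elif words[0] == "class-map" and len(words) == 2:
            cmap = words[1]
            class_acl.setdefault(cmap, None)
        elif cmap and words[:2] == ["match", "access-list"] and len(words) == 3:
            class_acl[cmap] = words[2]
        elif words[0] == "policy-map" and len(words) == 2:
            pmap = words[1]
        elif pmap and words[0] == "class" and len(words) == 2:
            pclass = words[1]
        elif pclass and words[0] == "ips":
            ips_lines.append((pmap, pclass, " ".join(words)))
    diversions, problems = [], []
    for pmap, pclass, cmd in ips_lines:  # validate after parsing, so order does not matter
        m, acl = IPS_RE.match(cmd), class_acl.get(pclass)
        if not m:
            problems.append(f"{pmap}/{pclass}: incomplete ips command '{cmd}'")
        elif pclass not in class_acl:
            problems.append(f"{pmap}: class {pclass} has no class-map definition")
        elif acl not in acls:
            problems.append(f"class-map {pclass}: access list {acl} is not defined")
        else:
            diversions.append((pmap, pclass, acl, m.group(1), m.group(2)))
    return diversions, problems
```

Each tuple in the first return value names the policy map, class map, access list, operating mode and failure keyword of one intact diversion; anything in the second list is a broken link in the chain that would leave traffic undiverted.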