18-13
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 18 Configuring the ASA 5500 AIP SSM
The ASA 5500 AIP SSM and the Normalizer Engine
The ASA 5500 AIP SSM and the Normalizer Engine
The majority of the features in the Normalizer engine are not used on the ASA 5500 AIP SSM , because
the ASA itself handles the normalization. Packets on the ASA IPS modules go through a special path in
the Normalizer that only reassembles fragments and puts packets in the right order for the TCP stream.
The Normalizer does not do any of the normalization that is done on an inline IPS appliance, because
that causes problems in the way the ASA handles the packets.
The following Normalizer engine signatures are not supported:
• 1300.0
• 1304.0
• 1305.0
• 1307.0
• 1308.0
• 1309.0
• 1311.0
• 1315.0
• 1316.0
• 1317.0
• 1330.0
• 1330.1
• 1330.2
• 1330.9
• 1330.10
• 1330.12
• 1330.14
• 1330.15
• 1330.16
• 1330.17
• 1330.18
For More Information
For detailed information about the Normalizer engine, see Normalizer Engine, page B-37.
ASA 5500 AIP SSM Failover Scenarios
The following failover scenarios apply to the ASA in the event of configuration changes,
signature/signature engine updates, service packs, and SensorApp crashes on the ASA 5500 AIP SSM.