Understanding the AIP SSM
Using Virtual Sensors
Cisco ASA 5500 Series Getting Started Guide
13-4
Figure 13-2
AIP SSM Traffic Flow in the Adaptive Security Appliance:
Promiscuous Mode
Main System
VPN
inside
Policy
AIP SSM
The AIP SSM running IPS software Version 6.0 and above can run multiple
virtual sensors, which means you can configure multiple security policies on the
AIP SSM. You can assign each context or single mode adaptive security appliance
to one or more virtual sensors, or you can assign multiple security contexts to the
same virtual sensor. See the IPS documentation for more information about
virtual sensors, including the maximum number of sensors supported.
Figure 13-3
shows one security context paired with one virtual sensor (in inline
mode), while two security contexts share the same virtual sensor.
Security Appliance
Firewall
Policy
Shun
message
Copied Traffic
IPS inspection
Chapter 13
Configuring the AIP SSM
outside
Backplane
78-19186-01