Cisco Systems Using an ASA's AIP SSM module to inspect traffic going into and coming out of a VPN tunnel.
Bookmark this page:  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
Using an ASA's AIP SSM module to inspect traffic going into and coming out of a VPN tunnel. dnash 01-22-09
Posted by dnash on January 22, 2009, 12:14 pm
Please log in for more thread options
I am having trouble inspecting network traffic on an ASA that is being
used as a VPN Concentrator. Based on some documentation I have
recently come upon it eludes that this may not even be possible based
on the fact the logical inspection point in the ASA is sandwiched
between the firewall policy and VPN policy.

I guess my question is whether the ASA with AIP SSM is even capable of
doing what I would like to do and if it is could you point towards any
specific documentation that covers this configuration.

Thanks in advance for the responses.

Similar ThreadsPosted
Using an ASA's AIP SSM module to inspect traffic going into and coming out of a VPN tunnel. January 22, 2009, 12:14 pm
ASA's CSC module not scanning traffic March 28, 2007, 4:17 am
Problem with GRE tunnel not coming up January 20, 2008, 2:54 am
Which port is traffic coming from? July 10, 2006, 1:26 pm
Seeing what traffic is coming from what desktops connected to 6500? December 6, 2006, 6:01 pm
Traffic scanning with ASA-5520 and CSC module May 23, 2007, 3:34 am
Traffic shaping problems using switching module on 2811 January 21, 2006, 8:01 am
second authentication with asa's and radius March 4, 2009, 11:57 am
PIX 7.0.4 tunnel all traffic. November 3, 2005, 12:27 pm
PIX 501 S2S VPN - Tunnel Up - No Traffic April 15, 2006, 11:44 am
*some* return traffic not going through vpn tunnel (although not all) December 20, 2005, 10:17 am
PIX lan-to-lan IPSEC comes up...no traffic passes tunnel November 2, 2005, 6:28 pm
solution to "*some* return traffic not going through vpn tunnel (although not all)" January 31, 2006, 12:47 pm
WAN, Routing and Switching: Route some IP traffic over tunnel January 15, 2007, 6:16 am
ASA5510 with Cisco VPN client. No traffic over VPN tunnel May 15, 2008, 4:53 am
Residential Cabling Guide

Home Cabling Guide

Finally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language!

Learn More