How can I have traffic to be inspected by SSM-10

I have site-to-site vpn in my network (ASA5510), and I need the traffic to be inspected by ssm-10 module which is already installed, as the traffic  make its way to the host
What is the correct virtual sensor configuration e.g, interface and vlan, vlan only or virtual sensor. And what is the correct ACL is the service policy rule.
Fuad BazarahAsked:
Who is Participating?
btanConnect With a Mentor Exec ConsultantCommented:
AIP SSM comes before VPN policy is applied.

But to be more specific to make sure SSM is configured in accordance as below
Follow this sequence to create virtual sensors on the AIP SSM and to assign them to adaptive security device contexts:
1. If you have Cisco Adaptive Security Appliance Software 7.2.3 or later, configure up to four virtual sensors on the AIP SSM.
2. Assign the AIP SSM interface, GigabitEthernet0/1, to one of the virtual sensors.
3. Assign virtual sensors to different contexts on the adaptive security device.
4. Use MPF to direct traffic to the targeted virtual sensor.

See these options on how to verify traffic is running through AIP SSM
Execute "show conf" on your AIP SSM CLI.  Verify that the GigabitEthernet0/1 backplane interface of the SSM has been assigned to virtual sensor vs0.

If it has not, then run "setup" and near the end of the setup wizard there will be an option to edit the interface and virtual sensor configuration.  Use this option to modify the configuration for virtual sensor vs0 and in the interface.

You can also run "show stat virtual-sensor vs0" to see the counts of packets being analyzed by vs0.
In addition to what marco suggested also use the following command to see packet sent and received to the MODULE

show service-policy
run a test using traffic gen. simulators like Nmap or nesus

Alternatively you may either enable icmp signature 2051/2 and ping through the module, you will see alert generating for this thus confirming IPS functionality
btanExec ConsultantCommented:
Quick summary ref
1. Create or use an existing ACL.
2. Use the class-map command to define the IPS traffic class.
3. Use the policy-map command to create an IPS policy map by associating the traffic class with one or more actions.
4. Use the service-policy command to create an IPS security policy by associating the policy map with one or more interfaces.

But before the above, it is good to also verify the AIP SSM Initialization, start to try on create Virtual Sensors and sending Traffic to the AIP SSM for a test. You can also see this example (though not in VPN) from this article may be of help to configure the ASA and the AIP SSM (IPS)
Fuad BazarahAuthor Commented:
HI ,
I still don't see any packets processed by the IPS, I configured the tracking mode as Virtual sensor.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.