Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
540
Views
0
Helpful
4
Replies

Regarding deploying IPS in inline mode

gautamzone
Level 1
Level 1

‎12-17-2007 02:03 AM - edited ‎03-10-2019 03:54 AM

Dear friends

Just a query about operating IPS 4255 in inline mode. Currently, it is operating in promiscious mode. Now, i am planning to change to inline mode for just one segment (Internet vlan - 15) connecting the 4507 core switch 4507 and the 515 firewall.

I am planning to add another Layer 2 vlan viz. Vlan 16. The IPS can then act inline bridging traffic between vlan 16 and vlan 15.

I have enclosed a diagram for your kind reference. As you will see, the firewall and core switch are still in the same Layer 3 subnet but the firewall is in vlan 16 and not in vlan 15.

What is confusing me is the switch configuration for Switch A and B. I am not sure which ones are to be trunked and which ones are to be put in vlan 15 or 16.

This diagram just depicts the proposed plan. Can you let me know if this is correct. Any suggestion / feedback on this will really be appreciated.

Thanks a lot

Gautam

Labels:
0 Helpful
4 Replies 4

gautamzone
Level 1
Level 1

‎12-17-2007 02:06 AM

Sorry, missed attaching the diagram.

Please find enclosed the diagram.

Preview file
48 KB
0 Helpful

ccbootcamp
Level 7
Level 7
In response to gautamzone

‎12-17-2007 03:31 AM

Why not use inline mode and a single VLAN? Why are you adding another VLAN?

-brad

http://www.ccbootcamp.com

(please rate the post if this helps!)

0 Helpful

gautamzone
Level 1
Level 1
In response to ccbootcamp

‎12-20-2007 05:40 AM

Thanks a lot Brad. But my understanding was that to put IPS in inline mode, you need to create another VLAN and use the IPS to bridge between both the Vlan's.

Can you shed more light on how do you achieve this with just one VLAN?

Thanks a lot

Gautam

0 Helpful

mherald
Level 1
Level 1
In response to gautamzone

‎12-31-2007 05:45 PM

When you put an IDSM2 IPS in-line mode, use two VLANs. If you have a 4200 series sensor, use the same VLAN on both sides of the interfaces used as an in-line pair.

Mike

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card