IPS Design Help

Unanswered Question
Oct 31st, 2008

Hi All,

There are two ASAs with failover and two switches, one internal switch and one DMZ switch. Both ASAs are connected to the two switches. Now we want to implement IPS here. We are using the 4240 model. I want to use two inline interface pairs, one for the DMZ and one for the internal network. But the problem is that there are two ASAs. If you could show me a high-level design and how to connect the ASAs to the IPS and then to the switches, that would be very much appreciated.



rhermes Fri, 10/31/2008 - 14:26

Al -

Use the switches to create separate VLANs for IPS-Internal-inside.




Make the connections between the inside and outside VLANs through the 4240.

Add a second ethernet cable between the inside and outside and give it a higher STP cost for failover.

alex goshtaei Fri, 10/31/2008 - 14:40

Thanks for your reply,

The ASA has three interfaces: one is outside, one is inside and the other one is DMZ. The inside and DMZ interfaces are trunk ports with a bunch of VLANs each, and they are connected to the two switches with trunk ports. These two switches are not connected to each other, and they are connected to separate networks.

Sorry for the incomplete description. Any suggestion would be very appreciated.


