Fail over of IPS

Unanswered Question
Nov 26th, 2008

Hi Guys

I have Active/Stand by ASA Firewalls and I want to place 2 IPS between my 2 6500 Core Switches and ASA Firewalls for the Internet Traffic.

Can anyone propose any solution for a complete failove of IPS.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mdreelan Mon, 12/01/2008 - 08:41

Why not put both IPS inline? --for example-- put the active "inside" and "dmz" interfaces from ASA-ACTIVE through IPS#1 and the same for ASA-Standby - put this one's "inside" and "dmz" through IPS#2. If you put the IPS on the outside interface you risk having no visibility on all encrypted traffic.

gwl7810cisco Tue, 12/02/2008 - 00:21

hi mdreelan ,can you give me a diagram about how to connect?

best regard


This Discussion