AIM-IPS-K9 with 2811

Dec 1st, 2008

Good day,


I am trying to find a config example to enable inline monitoring on the AIM card.


AIM-IPS-K9 with 2811


Also, I would like to bypass all the VoIP traffic from traversing the AIM card. I think this can be accomplished with an access list on the Gig interface of the AIM card.


Having some issues finding info on AIM cards.


Thanks,


mdreelan Mon, 12/01/2008 - 08:35

ids-service-module monitoring inline access-list myacl


I actually use this command on the data sub-interface (and that bypasses VoIP, although there are VoIP-specific signatures). I did have some problems in a few tests I ran trying to use the IPS inline and use an ACL, so please let me know your results.

Complete Interface Example:

interface FastEthernet0/0.90
 description DATA
 encapsulation dot1Q 90 native
 ip address 10.5.90.1 255.255.255.0
 ip helper-address 172.17.5.20
 ids-service-module monitoring inline




ROBERTO TACCON Tue, 12/16/2008 - 00:57

May I ask you the following:


- what happens to inline traffic when you exceed the declared throughput? Is traffic dropped or is it forwarded without IPS inspection?



marcabal (Cisco Employee) Tue, 12/16/2008 - 08:22

Traffic that doesn't get analyzed by the sensor because of exceeding throughput will be dropped.


I see that you are using an AIM-IPS-K9.

If you think you will be near the performance limits of the AIM, then you might consider purchasing an NME instead which has higher performance.


You might also consider analyzing the type of traffic going through your router and see if you want to permit some of the traffic through without being analyzed by the AIM.

You can create an access-list to permit that traffic you do not want analyzed and the router will route it through without sending it to the AIM. Simply create the access-list and add the access-list to the end of the ids-service-module command:

ids-service-module monitoring inline access-list 101
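Putting the two replies above together, here is a complete added example (it is not configuration posted by anyone in this thread) of a VoIP bypass ACL applied the way marcabal describes: traffic the ACL permits is routed normally and never reaches the AIM, while everything the ACL denies, including whatever falls through to the implicit deny at the end, is sent to the card for inline inspection. The voice VLAN 10.5.91.0/24, the call manager address 172.17.5.30 and the ACL name IPS-BYPASS are assumptions chosen for illustration; the port numbers are the standard SIP (5060), SCCP/Skinny (TCP 2000) and Cisco default RTP (UDP 16384-32767) values.

```cisco
! Added example, not from the original posts.
! Assumed: voice VLAN 10.5.91.0/24, call manager 172.17.5.30 (both hypothetical).
! Semantics of the ACL on ids-service-module, as described in the thread:
!   permit  -> routed by IOS, bypasses the AIM-IPS (not inspected)
!   deny    -> handed to the AIM-IPS for inline inspection
! The implicit deny at the end therefore sends all non-VoIP traffic to the sensor.
ip access-list extended IPS-BYPASS
 remark --- SIP signalling (UDP/TCP 5060), phones <-> call manager only
 permit udp 10.5.91.0 0.0.0.255 host 172.17.5.30 eq 5060
 permit tcp 10.5.91.0 0.0.0.255 host 172.17.5.30 eq 5060
 permit udp host 172.17.5.30 eq 5060 10.5.91.0 0.0.0.255
 permit tcp host 172.17.5.30 eq 5060 10.5.91.0 0.0.0.255
 remark --- SCCP/Skinny signalling (TCP 2000), phones <-> call manager only
 permit tcp 10.5.91.0 0.0.0.255 host 172.17.5.30 eq 2000
 permit tcp host 172.17.5.30 eq 2000 10.5.91.0 0.0.0.255
 remark --- RTP media, Cisco default port range 16384-32767, to/from the voice VLAN
 permit udp 10.5.91.0 0.0.0.255 range 16384 32767 any range 16384 32767
 permit udp any range 16384 32767 10.5.91.0 0.0.0.255 range 16384 32767
 remark --- everything else: implicit deny, i.e. inspected by the AIM-IPS
!
! Apply on the data sub-interface, as in mdreelan's example, with the ACL appended.
interface FastEthernet0/0.90
 description DATA
 encapsulation dot1Q 90 native
 ip address 10.5.90.1 255.255.255.0
 ip helper-address 172.17.5.20
 ids-service-module monitoring inline access-list IPS-BYPASS
```

Keep the bypass as narrow as the ACL above: because permit means "do not inspect", a careless `permit ip any any` here would send nothing to the AIM at all. Bypassed flows also never reach the VoIP-specific signatures mdreelan mentions, so this trades that coverage for throughput headroom; matching on the voice subnet and the call manager address rather than on port numbers alone limits what an attacker could tunnel past the sensor on UDP 5060 or the RTP range. Given mdreelan's report of trouble combining inline mode with an ACL, confirm the command was accepted with `show running-config | include ids-service-module` and place a test call before relying on it.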


ROBERTO TACCON Tue, 12/16/2008 - 08:42

Thanks in advance for the reply.


I can't find an answer to the following q:


I need to know the performance figures for the Cisco 28XX routers.


In particular I've found on cisco web site for the Cisco router 2821 the following info:


Firewall performance: 208 Mbps

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/C78-345384-04_CiscoIntegratedFirewallSolutions.html



Routing PPS (64 Byte): 170,000 (87.04 Mbps)

http://www.cisco.com/web/partners/tools/quickreference/index.html



Can you help me? I can't understand why the firewall performance is better than the routing performance.



Thanks in advance, best regards
