AIM-IPS-K9 with 2811

Dec 1st, 2008

Good day,

I am trying to find a config example to enable inline monitoring on the AIM card.

AIM-IPS-K9 with 2811

Also, I would like to bypass all the VoIP traffic from traversing the AIM card. I think this can be accomplished with an access list on the Gig interface of the AIM card.

Having some issues finding info. on AIM cards.

Thanks,

mdreelan Mon, 12/01/2008 - 08:35

ids-service-module monitoring inline access-list myacl

I actually use this command on the data sub-interface (and that bypasses VoIP, although there are VoIP-specific signatures). I did have some problems in a few tests I ran trying to use the IPS inline and use an ACL, so please let me know your results.

Complete Interface Example:

interface FastEthernet0/0.90
 description DATA
 encapsulation dot1Q 90 native
 ip address 10.5.90.1 255.255.255.0
 ip helper-address 172.17.5.20
 ids-service-module monitoring inline

ROBERTO TACCON Tue, 12/16/2008 - 00:57

May I ask you the following:

- What happens to inline traffic when you exceed the declared throughput? Is traffic dropped or is it forwarded without IPS inspection?

marcabal Tue, 12/16/2008 - 08:22

Traffic that doesn't get analyzed by the sensor because of exceeding throughput will be dropped.

I see that you are using an AIM-IPS-K9.

If you think you will be near the performance limits of the AIM, then you might consider purchasing an NME instead which has higher performance.

You might also consider analyzing the type of traffic going through your router and see if you want to permit some of the traffic through without being analyzed by the AIM.

You can create an access-list to permit that traffic you do not want analyzed and the router will route it through without sending it to the AIM. Simply create the access-list and add the access-list to the end of the ids-service-module command:

ids-service-module monitoring inline access-list 101

ROBERTO TACCON Tue, 12/16/2008 - 08:42

Thanks in advance for the reply.

I can't find an answer to the following q:

Need to know the performance about the Cisco router 28XX.

In particular I've found on cisco web site for the Cisco router 2821 the following info:

Firewall performance : 208 Mbps

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/C78-345384-04_CiscoIntegratedFirewallSolutions.html

Routing PPS (64 Byte): 170,000 (87.04 Mbps)

http://www.cisco.com/web/partners/tools/quickreference/index.html

Can you help me, because I can't understand why the firewall performance is better than the routing performance?

Thanks in advance, best regards
