We have a 6500 core switch and an ASA facing the internet. The 6500 core switch has any traffic from inside or outside flowing through it. I plan to deploy IPS/IDS devices in our network. It seems I can put an IPS module for the ASA at the internet edge. Or I can put an IPS module in the 6500 switch. The other solution is to put in a 4200 series IPS/IDS. But I prefer the integrated module solution.
I think putting an IPS module at the ASA only checks the traffic from the internet or out to the internet. For internal traffic, like one remote office accessing another one, this kind of traffic can't be monitored by an IPS at the ASA. So I'm thinking that putting an IPS module in the 6500 may make more sense, since all traffic must go through there.
Am I correct? Any advice is appreciated.