Deploying 4260 into Architecture Question

Unanswered Question
Sep 23rd, 2013
User Badges:

Hello,


I have been tasked with updating/evaluating/integrating a Cisco 4260 into an inline state on our current network. Currently it is in promiscuous mode spanning traffic, but no profiles or device management is set to actively block traffic. Inline however are currently two existing ASA 5520's in a redundant active/standby pair. My question is, is it possible to bring 1 IPS into the equation and have it cabled inline to both ASA's. From my understanding there are 6 interfaces on the Cisco 4260, one being  the management interface, and for inline mode to work the interfaces have to work as interface pairs. This leads me to believe that either one or the other ASA can be cabled inline, but not both at the same time based on only having 1 IPS. Is this statement correct? If not please provide details on potential cabling of this device in this scenario.


Thank you,

Charles

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Itzcoatl Espinosa Tue, 10/01/2013 - 15:52
User Badges:
  • Cisco Employee,
  • Events Top Contributors,

    2013

Hi Charles,


You may connect the IPS 4260 to both ASAs without a problem. As the ASAs are running in an active/standby failover, traffic will only pass through one ASA at a time.


You may configure interfaces pairs o inline vlan pairs in order to save space.


http://tools.cisco.com/squish/f7C75


http://tools.cisco.com/squish/8cC04


I hope it helps.


regards,


Itzcoatl Espinosa

Actions

This Discussion

Related Content