Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5525-X IPS with Transparent Mode

Can I implement the new ASA 5525-X IPS in transparent mode? Can I still have fail open features with it? What are the pros and cons with this mode?

1 ACCEPTED SOLUTION

Accepted Solutions

ASA 5525-X IPS with Transparent Mode

Hello,

That for sure, no problem.

The IPS can sit inline

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
5 REPLIES

ASA 5525-X IPS with Transparent Mode

Hello,

Sure you can.

Regarding the IPS and Firewall there are no such restrictions.

Restrictions would be with the way the ASA behaves.

EX:

No  VPN support

No routing protocols.

Stuff like that buddy

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

ASA 5525-X IPS with Transparent Mode

So all I need to do is from the active firewall inside interface--> connect it to ASA IPS ----> L3 switch.

IPS will be active only when the primary firewall is active.

Do I need to allow any specific rules on IPS for the ASA HA pair to work when I insert IPS in between primary and the L3 switch?

ASA 5525-X IPS with Transparent Mode

Hello,

Remember that the ASA 5500-X Family use a software based IPS. So no physical interface to connect but logicals.

Now, you are talking about fail-over between ASAs. Before was fail-open and fail-closed with the IPS itself.

The answer to the last question is yes, if the active ASA fails then the ASA will too. There will be a switchover.

No special rules, no worry. From the IPS perspective it will work the same.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

ASA 5525-X IPS with Transparent Mode

Can I have ASA-IPS in inline mode with transparent mode as well?

ASA 5525-X IPS with Transparent Mode

Hello,

That for sure, no problem.

The IPS can sit inline

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
201
Views
0
Helpful
5
Replies