Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Silver

FWSM and Inline IPS Question

I have an ISS IPS that I would like to put inline in front of my FWSM. This should be straight forward, but I want to use transit VLANs instead of physical connections. My question is can this be done? If it can, how would I do it? I have accomplished this same thing with an IPS appliance, but I am not sure if it will work the same with the FWSM.

Thanks.

Jay

6 REPLIES

Re: FWSM and Inline IPS Question

What do you mean "to use transit VLANs instead of physical connections"?

Silver

Re: FWSM and Inline IPS Question

The IPS will work if you create two VLANs and use it as a bridge. Alternatively, you can physically connect the IPS to network devices.

Re: FWSM and Inline IPS Question

what's the problem?

create two vlans and let the IPS to be a bridge beween them.

Silver

Re: FWSM and Inline IPS Question

Here is a sketch of what I'm trying to do... I just want to know if it will work?

Thanks.

Jay

Re: FWSM and Inline IPS Question

If your IPS can work inline So It will do.

You can easily inclide/exclude the IPS from switching path just put your vpn concentrator's inteface in vlan 15 or 10.

Re: FWSM and Inline IPS Question

If your ISS IPS supports Inline Mode, then everything should be fine. As far as the FWSM and VPN concentrator are concerned, adding a layer 2 device does not change much for them.

A properly configured IPS is just a 'transparent' device like a L2 switch.

Regards

Farrukh

266
Views
0
Helpful
6
Replies
CreatePlease to create content