Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

2 Different Blocking Devices

Router--FW-DMZ-PIX--Interal Network

I have a UDS 4215 to monitor all traffic to/from internal Network & use PIX as blocking device

Now I would like to monitor all traffic in DMZ and use router as blokcing device

May I do that?

Thanks

3 REPLIES

Re: 2 Different Blocking Devices

Hi .. definetely ... with IPS you can use a PIX, Router and CAT 6500 as blocking devices. Just locate the sensor in oine between the DMZ interface and the servers located on teh DMZ segment and configure the router as blocking device !!!.

you can find info on this link

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00803eb01e.html#wp1030293

I hope it helps .. please rate it it does !!!

New Member

Re: 2 Different Blocking Devices

May I do this?

Using Router as block device to protect DMZ only

and

Using PIX as block device to protect Internal network only

New Member

Re: 2 Different Blocking Devices

logintck

Yes you can.

You need to define two blocking profile in case the pix and router have diferent users names and password. If are the same, only one profile is necesary.

Then define 2 blocking devices

At last define only the routing blocking device indicating name of interface, direction and pre and post ACL (optional)

The pix doesn't need to be defined as blocking device because the IPS use the shun command.

I hope this help to you.

Alberto Giorgi from spain. (A new kid in this block)

142
Views
0
Helpful
3
Replies
CreatePlease login to create content