Cisco Support Community
New Member

5515x inline IPS questions...

I'm attempting to configure an IPS for my first time and have a few questions... I went through Cisco's quick start guide and it appears that the ASA management and IPS management can have separate IPs on the same management interface, is that correct?

I already have an ASA in use on my network and just want to add the 5512x IPS behind my ASA firewall to check for intrusion attempts. Could someone give advice on the best way of implementing this? I do not have a separate management network so I'm not sure if I should be using the management port at all. For the IPS to act as inline, would I configure 2 interfaces on the ASA, 1 going to my firewall ASA and the other interface going to my internal network? I only want the IPS device to act as an IPS, I don't need the firewall capabilities.

Thanks for any advice!

VIP Purple

Re: 5515x inline IPS questions...

Just to bring a different design into the game: Can't you replace your actual ASA with the new one that has IPS enabled? That will give you a much simpler design.

If you really want to separate the two functions then the IPS-ASA doesn't need a dedicated management interface. Just connect it to your internal network with an IP-config that matches that network.
The inline-config is as you wrote, one interface to the ASA, one interface to the internal network. As you only want IPS on the new device and no firewalling you could also configure state-bypass on the ASA that does IPS.

Sent from Cisco Technical Support iPad App
