I'm attempting to configure an IPS for my first time and have a few questions... I went through Cisco's quick start guide and it appears that the ASA management and IPS management can have seperate IPs on the same management interface, is that correct?
I already have an ASA in use on my network and just want to add the 5512x IPS behind my ASA firewall to check for intrusion attempts. Could someone give advice on the best way of implementin this? I do not have a seperate management network so I'm not sure if I should be using the management port at all. For the IPS to act as inline, would I configure 2 interfaces on the ASA, 1 going to my firewall ASA and the other interface going to my internal network? I only want the IPS device to act as an IPS, I don't need the firewall capabilities.
just to bring a different design into the game: Can't you replace your actual ASA with the new one that has IPS enabled? That will give you a much simpler design.
If you really want to separate the two functions then the IPS-ASA doesn't need a dedicated managemt interface. just connect it to your internal network with an IP-config that matches that network. The inline-config is as you wrote, one interface to the ASa, one interface to the internal network. As you only want IPS on the new device and no firewalling you could also configure state-bypass on the ASA that does IPS.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :