We have a 6500 core switch and an ASA facing the internet. All traffic from inside or outside flows through the 6500 core switch. I plan to deploy IPS/IDS devices in our network. It seems I can put an IPS module for the ASA at the internet edge, or I can put an IPS module in the 6500 switch. The other solution is to put in a 4200 series IPS/IDS, but I prefer the integrated module solution.
I think putting the IPS module in the ASA only checks traffic coming from the internet or going out to the internet. Internal traffic, such as one remote office accessing another, can't be monitored by an IPS in the ASA. So I'm thinking that putting the IPS module in the 6500 may make more sense, since all traffic must go through there.
Yes, you can have the IDSM2 module in your CAT 6K. However, please check how much traffic will be traversing the IDSM2 module, since you mention internal traffic as well as traffic towards the internet. Please ensure that the performance of the internal traffic is not impacted. It also depends on whether you will be configuring the IPS in promiscuous or inline mode.
Thank you! So I would say internal traffic is up to 5 Gbps. I notice that the IDSM module only supports 2 Gbps. That might be a problem; even two IDSMs are not enough. So the FWSM can't do the IPS/IDS function, right?