New Member

AIM-IPS-K9 with 2811

Good day,

I am trying to find a config example to enable inline monitoring on the AIM card.

AIM-IPS-K9 with 2811

Also, I would like to bypass all the VoIP traffic from traversing the AIM card. I think this can be accomplished with an access list on the Gig interface of the AIM card.

Having some issues finding info on AIM cards.

Thanks,

5 REPLIES
New Member

Re: AIM-IPS-K9 with 2811

ids-service-module monitoring inline access-list myacl

I actually use this command on the data sub-interface (and that bypasses VoIP, although there are VoIP-specific signatures). I did have some problems in a few tests I ran trying to use the IPS inline and use an ACL, so please let me know your results.

Complete Interface Example:

interface FastEthernet0/0.90
 description DATA
 encapsulation dot1Q 90 native
 ip address 10.5.90.1 255.255.255.0
 ip helper-address 172.17.5.20
 ids-service-module monitoring inline

New Member

Re: AIM-IPS-K9 with 2811

New Member

Re: AIM-IPS-K9 with 2811

May I ask you the following:

- What happens to inline traffic when you exceed the declared throughput? Is traffic dropped or is it forwarded without IPS inspection?

Cisco Employee

Re: AIM-IPS-K9 with 2811

Traffic that doesn't get analyzed by the sensor because of exceeding throughput will be dropped.

I see that you are using an AIM-IPS-K9.

If you think you will be near the performance limits of the AIM, then you might consider purchasing an NME instead which has higher performance.

You might also consider analyzing the type of traffic going through your router and see if you want to permit some of the traffic through without being analyzed by the AIM.

You can create an access-list to permit that traffic you do not want analyzed and the router will route it through without sending it to the AIM. Simply create the access-list and add the access-list to the end of the ids-service-module command:

ids-service-module monitoring inline access-list 101
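
An added example, not part of the thread and not Cisco code: a small audit that reads a router configuration and reports, per interface, the monitoring mode and which ACL entries exempt traffic from the AIM, taking the reply above at its word that permitted traffic is the traffic routed past the module. The sample configuration is constructed, the 10.5.91.0/24 voice subnet is hypothetical, and only numbered `access-list` lines are parsed.

```python
import re

# Constructed sample config (not from the thread): subnet 10.5.91.0/24 is a
# hypothetical voice VLAN; ACL 101 and the interface lines follow the posts.
SAMPLE = """\
access-list 101 permit udp 10.5.91.0 0.0.0.255 any range 16384 32767
access-list 101 permit ip any any
!
interface FastEthernet0/0.90
 description DATA
 ids-service-module monitoring inline access-list 101
!
interface FastEthernet0/0.91
 description VOICE
!
"""

IDS_RE = re.compile(r"ids-service-module monitoring (inline|promiscuous)(?: access-list (\S+))?")
ACL_RE = re.compile(r"access-list (\S+) (permit|deny) (.+)")

def audit(config):
    """Return {interface: {"mode", "acl", "bypass", "findings"}}."""
    acls, report, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_RE.fullmatch(line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            report[current] = {"mode": None, "acl": None, "bypass": [], "findings": []}
        elif current and (m := IDS_RE.fullmatch(line)):
            report[current].update(mode=m.group(1), acl=m.group(2))
    for name, info in report.items():
        if info["mode"] is None:
            info["findings"].append("no ids-service-module monitoring command")
            continue
        if info["acl"] is None:
            continue
        entries = acls.get(info["acl"])
        if entries is None:
            info["findings"].append(f"ACL {info['acl']} is referenced but not defined")
            continue
        # Per the reply above: permit entries are routed past the AIM.
        info["bypass"] = [rule for action, rule in entries if action == "permit"]
        if any(rule.split()[:3] == ["ip", "any", "any"] for rule in info["bypass"]):
            info["findings"].append("permit ip any any exempts everything not denied earlier")
    return report
```

Running `audit(SAMPLE)` flags the catch-all permit on the DATA sub-interface, the kind of entry that would leave the sensor inline but inspecting nothing.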

New Member

Re: AIM-IPS-K9 with 2811

Thanks in advance for the reply.

I can't find an answer to the following question:

Need to know the performance about the Cisco router 28XX.

In particular I've found on cisco web site for the Cisco router 2821 the following info:

Firewall performance : 208 Mbps

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/C78-345384-04_CiscoIntegratedFirewallSolutions.html

Routing PPS (64 Byte): 170,000 (87.04 Mbps)

http://www.cisco.com/web/partners/tools/quickreference/index.html

Can you help me, because I can't understand why the firewall performance is better than the routing performance?

Thanks in advance, best regards
