I have an ASA 5540 F/W and a ASA 5520 IPS with AIP-SSM 20.
Rite now ASA 5540 is conected with the internet Router on the outside interface , there is an inside zone and a DMZ zone as well.
My Question is where shud i put IPS?
1_ Between the internet router and the ASA 5540
2_ or in the inside zone ?
If i were to put it in between the outside zone i.e between ASA 5540 Outside and the internet router then do i require separate WAN ips for the inside and outside of IPS ?? currently as required ASA 5540 outside has been configured a WAN ip
so if i were to put it as Internet Router -- ASA 5540 --ASA 5520 (IPS) then shud IPS be put in the DMZ zone ??or the Inside zone ..i guess it shud b in the DMZ zone ...in that case it will be assigned a LAN ip on both interfaces.?
I am not sure I understand your requirement for the second ASA. You could just install the SSM-20 into the 5540 and choose to inspect traffic either globally (all interfaces) or on a subset of interfaces.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...