Complete IPS Solution

scomar · ‎07-26-2006

I just upgraded my network backbone to the 4507r switch using sup IV and netflow cards. I also upgraded my Internet and core routers to the 2821 and 2851 respectively.

I will also be installing a ASA-5520 w/ csc-ssm-20 module.

How should I proceed with implementing an IPS solution that will protect my network from the outside world, as well as from other devices on our LAN/WAN environ.

Our company has 3 remote sites. Two of which are connected to corp via a MPLS network and one is connected to corp via a point-to-point T1.

What is the Cisco solution to do this?

Can I use non-Cisco IPS solutions along with Cisco equipment, such as Lancope's StealthWatch XE for Cisco's Netflow?

Fernando_Meza · ‎07-26-2006

Hi ...there are several sensors that could cater for your environment based on the ammount of traffic you are planning to inspect. As per the location I suggest placing a sensor behind the firewall ( in in-line between the inside interface of your ASA and the LAN ). In that way traffic to/from the LAN will be inspected. Also .. if you have cisco devices such as routers or firewalls at the remote sites ,you could further protect them by using the sensor as device manager .. in other words you can configure the sensor so that in the event of an attack it can push down access-list entries to your remote cisco devices as well.

I suggest to check the sensor portfolio which will provide you with detailed information.

http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_data_sheet0900aecd801eeea5.html

I hope it helps ... please rate it if it does !!!