Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Deploying 4260 into Architecture Question

Hello,

I have been tasked with updating/evaluating/integrating a Cisco 4260 into an inline state on our current network. Currently it is in promiscuous mode spanning traffic, but no profiles or device management is set to actively block traffic. Inline however are currently two existing ASA 5520's in a redundant active/standby pair. My question is, is it possible to bring 1 IPS into the equation and have it cabled inline to both ASA's. From my understanding there are 6 interfaces on the Cisco 4260, one being  the management interface, and for inline mode to work the interfaces have to work as interface pairs. This leads me to believe that either one or the other ASA can be cabled inline, but not both at the same time based on only having 1 IPS. Is this statement correct? If not please provide details on potential cabling of this device in this scenario.

Thank you,

Charles

Everyone's tags (2)
1 REPLY
Cisco Employee

Deploying 4260 into Architecture Question

Hi Charles,

You may connect the IPS 4260 to both ASAs without a problem. As the ASAs are running in an active/standby failover, traffic will only pass through one ASA at a time.

You may configure interfaces pairs o inline vlan pairs in order to save space.

http://tools.cisco.com/squish/f7C75

http://tools.cisco.com/squish/8cC04

I hope it helps.

regards,

Itzcoatl Espinosa

444
Views
0
Helpful
1
Replies
CreatePlease to create content