I'm not sure if this is relevant to your situation, but here is how I have a gateway 6K switch set up with an external 4255 IPS device. You should be able to substitute the IDMS2 though.
Internet -> port 1/2 Vlan 5 -> port 3/1 Vlan 5 -> 4255 vlan pair to -> port 3/2 Vlan 2 -> MSFC Route Module -> rest of vlans internal...
What I am doing in bringing my uplink in on a physical port that is in Vlan 5. I put one side of my IPS sensor into Vlan 5. These two ports are the only ports in Vlan 5. The IPS sensor port is vlan paired through the sensor to a port in Vlan 2. From this point, my MSFC route module has virtual interfaces for Vlan 2 and all of the rest of my internal Vlans. There is no route entry for Vlan 5, it is a pure switching vlan.
What I like about this setup is that the IPS is transparent. If I have a problem with my IPS device or if I am doing an image upgrade, I can move the vlan for port 1/2 into Vlan 2 and logically bypass the IPS device...taking it out of inline without having to change anything else in the switch config and only having to wait for the spanning tree to converge.
For the IDSM2, since the ports are trunk ports, you'd want to set the native vlan to the target vlan of each port and set the allowed vlans to just the target vlan of each port (ports 7 & 8).
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :