Hi .. please see below from a session of Networkers 2005:
"- Layer three: Pix failover, Cisco IOS HSRP
- Layer two: spanning tree
Typical IPS sensors (non layer three) do not and cannot control network failover; they function like a wire and a failure of the sensor should look like a failure of a wire; the network will respond accordingly; fail-open capabilities help but do not truly solve the problem.
True High Availability Is Something Built into the Network, Never Built into a Single Piece of Hardware or Software"
Basically .. what it is saying is that you can't configure failover as you would with a PIX, for example .. but you need to design the traffic flow in a way that if one of the IDSM-2s fails, the traffic is redirected to the second one for inspection .. now how you can do this for intra-switch and inter-switch modules without manual intervention (changing the VACL or repatching) is something I would also like to know .. I hope some Cisco engineer might be able to post some info or whitepapers on this issue.
Regarding fail-open capability, does the IDSM support it? When I looked at the configuration setup of the IDSM, it does not show a fail-open functionality (I've tried it already with our IPS 4250sx box and it does support fail-open). This means that when my IDSM fails, the traffic that is traversing the IDSM will be disconnected. How do we resolve this?