Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
609
Views
0
Helpful
6
Replies

General 4215 Question

Go to solution
ryanwilhelm
Level 1
Level 1

‎05-01-2006 07:31 PM - edited ‎03-10-2019 01:59 AM

I'm quite a newbie to the IDS 4215 configuration; however, we just received ours in-house and I would like to run through the set-up with some experts prior to an extended test.

My question, I have the cables from Fe1/1 and Fe1/2 plugged into two Gigabit ports on our 6509. I have two destination ports (the ports that ultimately connect back to the Fe ports on the 4215) specified on the 6509 and one source port (our PIX router port connected to the 6509).

Given the config info below and the details from above, do I have the cabling correct and will this approach work?

--Config

virtual-sensor vs0

description default virtual sensor

logical-interface idspair1

exit

exit

! ------------------------------

service interface

physical-interfaces FastEthernet0/0

duplex full

speed 100

exit

physical-interfaces FastEthernet0/1

description sensing interface

admin-state enabled

duplex full

speed 100

alt-tcp-reset-interface none

exit

physical-interfaces FastEthernet1/0

description Sensing Pair - Part 1

admin-state enabled

duplex full

speed 100

alt-tcp-reset-interface interface-name FastEthernet1/2

exit

physical-interfaces FastEthernet1/1

description Sensing Pair - Part 2

admin-state enabled

duplex full

speed 100

alt-tcp-reset-interface interface-name FastEthernet1/3

exit

inline-interfaces idspair1

description Initial Pair

interface1 FastEthernet1/0

interface2 FastEthernet1/1

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
a.giorgi
Level 1
Level 1
In response to ryanwilhelm

‎05-03-2006 11:32 PM

Ryan:

Yes it will work.

Whith your configuration you will be able to inspect the traffic to and from Internet.

In a future I suggest you configure the rest of the interfaces to sense the internal traffic. You can SPAN a couple of port of your switch (e.g. for differents VLANs) and use de IDS in the promiscuous mode.

I hope this help (please rate it this post and the previous one).

Best regards.

Alberto Giorgi from spain

View solution in original post

0 Helpful
6 Replies 6

Go to solution
ryanwilhelm
Level 1
Level 1

‎05-01-2006 07:35 PM

Ignore the Fe0/1 interface since I just have it established for promiscuous mode monitoring. I would ultimately like to have this device perform in-line IPS functionality. Do I need to somehow return the packets from the "monitor session" commands issued on the 6509?

Thanks for the anticipated help!

Cheers.

0 Helpful

Go to solution
a.giorgi
Level 1
Level 1
In response to ryanwilhelm

‎05-03-2006 02:36 PM

Hi ryanwihelm:

Im sorry but I'm confused with your post.

If you want to do inline IPS then you must to conect FE0/1 to the pix, and FE0/2 to the shitch. Then all the trafic go through the IPS.

Don't forget to conect FE0/0 to the switch (perhaps in other vlan) for management reasons.

This response help to you?

Another comment, Do you know the max througput you have with 4215 is 65 Mbps?

Best regards

Alberto Giorgi from spain (a new kid in this block)

0 Helpful

Go to solution
a.giorgi
Level 1
Level 1
In response to ryanwilhelm

‎05-03-2006 02:38 PM

Hi ryanwihelm:

Im sorry but I'm confused with your post.

If you want to do inline IPS then you must to conect FE0/1 to the pix, and FE0/2 to the shitch. Then all the trafic go through the IPS.

Don't forget to conect FE0/0 to the switch (perhaps in other vlan) for management reasons.

This response help to you?

Another comment, Do you know the max througput you have with 4215 is 65 Mbps?

Best regards

Alberto Giorgi from spain (a new kid in this block)

0 Helpful

Go to solution
a.giorgi
Level 1
Level 1
In response to ryanwilhelm

‎05-03-2006 02:38 PM

Hi ryanwihelm:

Im sorry but I'm confused with your post.

If you want to do inline IPS then you must to conect FE0/1 to the pix, and FE0/2 to the shitch. Then all the trafic go through the IPS.

Don't forget to connect FE0/0 to the switch (perhaps in other vlan) for management reasons.

This response help to you?

Another comment, Do you know the max througput you have with 4215 is 65 Mbps?

Best regards

Alberto Giorgi from spain (a new kid in this block)

0 Helpful

Go to solution
ryanwilhelm
Level 1
Level 1
In response to a.giorgi

‎05-03-2006 05:24 PM

Thanks. My FE0/0 is my management port and I will be using FE1/0 and FE1/1 for sensing (leaving open FE0/1, FE1/2. amd FE1/3 open for future use). I'd like to inspect traffic for a PIX firewall bound at 100Mbps, so I'm not losing too much in terms of throughput. Would my approach work with the given configuration?

0 Helpful

Go to solution
a.giorgi
Level 1
Level 1
In response to ryanwilhelm

‎05-03-2006 11:32 PM

Ryan:

Yes it will work.

Whith your configuration you will be able to inspect the traffic to and from Internet.

In a future I suggest you configure the rest of the interfaces to sense the internal traffic. You can SPAN a couple of port of your switch (e.g. for differents VLANs) and use de IDS in the promiscuous mode.

I hope this help (please rate it this post and the previous one).

Best regards.

Alberto Giorgi from spain

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card