Cisco Support Community

Idsm 2- Inline Mode Deployment

I would like to configure an IDSM-2 in inline mode. I am having trouble with the deployment and have a couple of questions:

1. If you configure 2 (existing) VLANs as a VLAN pair, does this mean the existing connection between the 2 VLANs is broken?

i.e., they can only communicate with each other via the IPS.

2. Where is the best place to deploy this type of IPS?

2 REPLIES

Idsm 2- Inline Mode Deployment

This guide should help you in the IDSM2 inline configuration.

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_idsm2.html#wp1187460

Regards,

Sawan Gupta


Idsm 2- Inline Mode Deployment

In an inline VLAN-pair scenario, the IDSM2 will bridge the VLANs together using VLAN tag swapping.  Below is a quick topo sketch of an inline design where this might be used.

6500 MSFC--VL10--(inside) FWSM (outside)--VLAN 11--IDSM--VLAN 111--RTR--INTERNET

In the example above, the FWSM outside and RTR inside interfaces sit on the same Layer 3 subnet but different Layer 2 VLANs.  The IDSM is positioned inline using an inline VLAN-pair.  Traffic leaving the FWSM towards the Internet will go into the trunk to the IDSM on VLAN 11.  The IDSM will then swap the VLAN tag to 111 before forwarding the packet down the trunk.  This process allows the traffic to be influenced into the IDSM for inspection.

http://www.cisco.com/en/US/customer/docs/security/ips/7.0/configuration/guide/cli/cli_interfaces.html#wp1047718
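
The tag swap described in the reply above, as an added example that is not part of the original thread: a simplified Python model of an inline VLAN pair for VLANs 11 and 111 that rewrites the 802.1Q VLAN ID and drops anything outside the pair. The class name, the inspection callback and the sample frames are constructed for illustration and do not reproduce the sensor's actual implementation.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
HDR_LEN = 18          # dst MAC(6) + src MAC(6) + TPID(2) + TCI(2) + EtherType(2)

def build_frame(dst, src, vid, payload, pcp=0, ethertype=0x0800):
    """Build a constructed 802.1Q-tagged Ethernet frame (no FCS)."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def vlan_id(frame):
    """Return the 12-bit VLAN ID carried in a tagged frame."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    return tci & 0x0FFF

class InlineVlanPair:
    """Model of a sensor bridging two VLANs on one trunk by tag swapping."""

    def __init__(self, vlan1, vlan2, inspect):
        self.peer = {vlan1: vlan2, vlan2: vlan1}
        self.inspect = inspect   # callback: payload -> True (permit) / False (drop)

    def forward(self, frame):
        """Return the frame to send back down the trunk, or None if dropped."""
        if len(frame) < HDR_LEN:
            return None
        tpid, tci = struct.unpack("!HH", frame[12:16])
        if tpid != TPID_8021Q:
            return None          # untagged traffic is not part of the pair
        out_vid = self.peer.get(tci & 0x0FFF)
        if out_vid is None:
            return None          # VLAN is not a member of this pair
        if not self.inspect(frame[HDR_LEN:]):
            return None          # inspection verdict: drop inline
        new_tci = (tci & 0xF000) | out_vid   # keep PCP/DEI bits, swap only the VID
        return frame[:14] + struct.pack("!H", new_tci) + frame[16:]

if __name__ == "__main__":
    # Constructed sample: FWSM outside (VLAN 11) sending towards the router (VLAN 111).
    pair = InlineVlanPair(11, 111, inspect=lambda p: b"BLOCKME" not in p)
    fwsm, rtr = b"\x02\x00\x00\x00\x00\x0b", b"\x02\x00\x00\x00\x00\x6f"
    out = pair.forward(build_frame(rtr, fwsm, 11, b"hello"))
    print("VLAN 11 ->", vlan_id(out))
    print("blocked:", pair.forward(build_frame(rtr, fwsm, 11, b"..BLOCKME..")))
```

In this model the two VLANs share no path except through `forward()`, so a frame the sensor does not forward never reaches the other VLAN.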
