This is a pretty dumb question, and may have already the answer, but none the less... Does it matter the IP address i assign to the IPS module? I mean of course it is an IP address on the inside but does it matter if it is a part of the normal data subnet we have allocated? i was think of giviing the IPS module an IP address on our network management subnet?
Greatly appreciate the feedback in advance.. and plze be brutally honest.. as
As it's just for management you can give it any IP you want. I have a seperate VLAN for my IPS sensors, but putting it in your management network is just fine too. If you want to enable auto updates make sure there is a NAT setup for it's IP to access the outside.
The Management IP address you assign to the AIP-SSM module will be assigned to that external ethernet interface jack on the module.
Whatever network you'd like to connect that interface to will help decide what network the address will live in.
Personally, I'd keep it within a management network if possible. You don;t need to expose it to production traffic. Every now and then there is a DoS vulnerbility on the management interfaces of devices, you can avoid your exposure to them if you have a segerated management network.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :