I'm working with 2 4260 and a 4270, I will be implementing vlan pair and I would like to know what happens with the traffic if for any reason the IPS fails. Lets say that the failure is due to a power issue.
But you mentioned that you were doing a VLAN pair, this will not work with a hardware failopen feature (such as the one found in the 4GE card).
You are arriving at the IPS sensor on one VLAN and leaving the IPS Sensor on a different VLAN (on the same interface? on different interfaces?) When the IPS sensor is functioning normally, it will translate the VLAN header between the two directions of traffic. A hardware failopen will NOT translate VLAN headers.
If you want to contunie to use VLAN pairs, you will need to perfrom your fail over functionality in an external device, such as a switch.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...