Cisco Support Community
New Member

IPS Design Help

Hi All,

There are two ASAs with failover and two switches, one internal switch and one DMZ switch. Both ASAs are connected to the two switches. Now we want to implement IPS here. We are using the 4240 model. I want to use two inline interface pairs, one for the DMZ and one for internal. But the problem is that there are two ASAs. If you could show me a high-level design and how to connect the ASA to the IPS and then to the switch, that would be very appreciated.

Thanks

Al

2 REPLIES
Gold

Re: IPS Design Help

Al -

Use the switches to create separate VLANs for:

IPS-Internal-inside
IPS-Internal-outside
IPS-DMZ-inside
IPS-DMZ-outside

Make the connections between the inside and outside VLANs through the 4240.

Add a second Ethernet cable between the inside and outside and give it a higher STP cost for failover.
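
The switch side of the layout described in the reply above, written out as an added example (not part of the original post, and not configuration from the poster's network). The VLAN IDs, interface names, and the choice of which VLAN faces the ASA are assumptions; only the VLAN names and the higher STP cost on the second cable come from the reply.

```cisco
! Added example. VLAN IDs 101/102 and all interface names are assumed.
! Internal switch shown; the DMZ switch follows the same pattern with
! IPS-DMZ-inside / IPS-DMZ-outside and the second 4240 inline pair.
vlan 101
 name IPS-Internal-inside
vlan 102
 name IPS-Internal-outside
!
! Primary path: the two legs of one 4240 inline interface pair.
! Traffic between VLAN 101 and VLAN 102 is bridged through the sensor.
interface GigabitEthernet0/1
 description 4240 inline pair - inside leg
 switchport mode access
 switchport access vlan 101
!
interface GigabitEthernet0/2
 description 4240 inline pair - outside leg
 switchport mode access
 switchport access vlan 102
!
! Bypass path: one patch cable from Gi0/3 to Gi0/4 joins the same two
! VLANs directly. The higher cost makes spanning tree prefer the path
! through the sensor and hold this one in blocking state.
interface GigabitEthernet0/3
 description bypass cable to Gi0/4
 switchport mode access
 switchport access vlan 101
 spanning-tree cost 100
!
interface GigabitEthernet0/4
 description bypass cable to Gi0/3
 switchport mode access
 switchport access vlan 102
 spanning-tree cost 100
!
! Assumed placement: ASA-facing ports go in VLAN 102 (outside),
! host-facing ports in VLAN 101 (inside).
! Do not enable PortFast or BPDU guard on Gi0/1-Gi0/4: the design
! depends on BPDUs crossing both paths so STP can block the bypass.
! Check with: show spanning-tree vlan 102
! One end of the bypass cable should be in BLK state while the
! sensor path is forwarding.
```

When the sensor path goes down, spanning tree unblocks the bypass cable and traffic between the two VLANs flows uninspected, so this is a fail-open design. An alert on the bypass port leaving the blocking state shows when inspection has been lost.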

New Member

Re: IPS Design Help

Thanks for your reply,

The ASA has three interfaces: one is outside, one is inside and the other one is DMZ. The inside and DMZ interfaces are trunk ports with a bunch of VLANs each, and they are connected to two switches with trunk ports. These two switches are not connected to each other and they are connected to separate networks.

Sorry for the incomplete description. Any suggestion would be very appreciated.

Thanks
