Cisco Support Community

New Member

IPS Network Design

Trying to work out a way using "Firewall" and "IPS" on a stick type configs.

My diagram:

There's a lot of unnecessary information missing but that's pretty much what I'm trying to do.

So in the diagram:

- Red lines are physical links (as in there will be 20 x Gigabit Ethernet connections from a WS-48 to each server or workstation... etc)

- Blue lines are trunks

- and the green line is a single physical link to the router

I'm trying to figure out a way to get both Firewall and IPS inline between each of the VLANs on the core switch. I don't think it's possible, though, without going through either the firewall or the IPS twice.

An example: when a host on the Server VLAN connects to a host on the Workstation VLAN, it goes through both the firewall and the IPS. When a host on the Workstation VLAN connects to a host on the internet, it goes through both firewall and IPS...

Any ideas?

New Member

IPS Network Design

You might be able to set up VRF to create a separate place on the switch for each VLAN. Then just use the ASA to route traffic between each.

New Member

IPS Network Design

Then how would I fit the IPS in?