I am looking to order a NM-CIDS-K9 module into a 2811 for a remote facility. This router will be installed into a facility that has its own internet connection and LAN. We are trying to protect this new link back to our corporate in the event the two networks are needed to be interconnected.
A couple of questions have come up regarding this module.
1) Can it run in IPS mode and NOT just IDS mode?
2) Would it be a good idea to beef up the memory on the router to support this module?
3) Do I still need a support contract to get the updates, or would the smartnet on the hardware cover the IDS module software?
1) The NM-CIDS does not support InLine IPS mode. It only supports Promiscuous IDS mode.
Currently you would need to purchase an Appliance (or an ASA with an IPS SSM module) in order to get InLine IPS functionality.
2) Sending packets to the NM-CIDS will place extra load on the router. The extra load is more an issue of CPU rather than memory. So additional memory is not necessary. But if your traffic is fairly high then you may need to upgrade from a 2800 to a 3800 router to handle the extra CPU load.
3) The NM-CIDS is not covered under the router's smartnet contract. A separate Cisco Service for IPS maintenance contract must be purchased for the NM-CIDS.
The Cisco Service for IPS contract covers the NM-CIDS hardware, IPS software, and IPS Signature Updates.
OK, thanks for the information. I have been going over the information from our Cisco partner and trying to verify a few things.
I was wondering about the NM-CIDS module as I have a note from one of my colleagues that our Cisco rep told him that the module could work in IPS mode, not IDS mode. We have an IDS-4215 here that is currently not in the InLine mode but are thinking about moving it InLine. Considering what this router is going to be used for, we are just trying to make sure we cover all the possible bases.
In regards to the Service contract, the online configurator did not make any recommendations and there does not seem to be a way to add it, so I guess our Cisco Partner can take care of that when we order. Once again, trying to make sure we are not paying for something we don't need or forget to order something that we do need.