
NME-IPS and 3825 access list to bypass inspection

We have just installed an NME-IPS into our 3825 head-end router which connects all of our remote sites.  We have an access list applied on the serial interface to block certain traffic coming from the remote sites.  With the installation of the NME-IPS, we now also want to exclude any voice traffic from being inspected.  I know this can be accomplished by adding an ACL to the ids-service-module monitoring command.  My question is: can both access lists be applied at the same time on the same interface?  And if both can be applied, in what order do they process traffic - interface ACL then IPS ACL, or vice versa?  An example of what we would like to do is shown here:

interface Serial 1/0
 description Interface connecting remote sites
 ip access-group 102 in
 ids-service-module monitoring promiscuous access-list 103

Thanks.

Chris


Jennifer Halim
Cisco Employee

Yes, you are absolutely right. Interface ACL will be processed first, and it will either allow or drop the traffic. If traffic is being dropped by interface ACL, it will not even be passed through to the NME-IPS module, so ACL 103 becomes redundant if traffic is being dropped by interface ACL 102.

Hope that answers your question.
