I have two ASA-5520's in active/standby mode servicing a 500-node LAN w/ 1 outside interface, 1 inside interface, and 1 DMZ. How best to implement IPS, preferably using integrated modules, and without introducing a single point of failure? Also, what software would I need to install & manage IPS? Can it be managed thru ASDM or is something like Cisco Security Manager (CSM) necessary? TIA!
You don;t mention if you want to do in-line IPS or promiscious mode IDS.
We'll assume you want in-line IPS. You'll need an AIP-SSM module in each ASA5520 chassis. they will operate independantly (unlike the firewalls that maintain state between them), and you'll suffer a little when traffic fails over between active and standby ASAs. The size of the AIP-SSM modules will depend on how much traffic you're pushing thru your firewall interfaces that require inspection, including your DMZs. Don't believe the Cisco performance numbers. Since you only have two IPS sensors I wouldn't reccomend CSM. use the CLI, build in GUI or the free up-to-5-sensor management application.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...