Cisco Support Community
Community Member

Regarding deploying IPS in inline mode

Dear friends

Just a query about operating IPS 4255 in inline mode. Currently, it is operating in promiscuous mode. Now, I am planning to change to inline mode for just one segment (Internet vlan - 15) connecting the 4507 core switch and the 515 firewall.

I am planning to add another Layer 2 vlan viz. Vlan 16. The IPS can then act inline bridging traffic between vlan 16 and vlan 15.

I have enclosed a diagram for your kind reference. As you will see, the firewall and core switch are still in the same Layer 3 subnet but the firewall is in vlan 16 and not in vlan 15.

What is confusing me is the switch configuration for Switch A and B. I am not sure which ones are to be trunked and which ones are to be put in vlan 15 or 16.

This diagram just depicts the proposed plan. Can you let me know if this is correct? Any suggestion / feedback on this will really be appreciated.

Thanks a lot

Gautam

4 REPLIES
Community Member

Re: Regarding deploying IPS in inline mode

Sorry, missed attaching the diagram.

Please find enclosed the diagram.

Re: Regarding deploying IPS in inline mode

Why not use inline mode and a single VLAN? Why are you adding another VLAN?

-brad

http://www.ccbootcamp.com

(please rate the post if this helps!)

Community Member

Re: Regarding deploying IPS in inline mode

Thanks a lot, Brad. But my understanding was that to put IPS in inline mode, you need to create another VLAN and use the IPS to bridge between both the VLANs.

Can you shed more light on how you achieve this with just one VLAN?

Thanks a lot

Gautam

Community Member

Re: Regarding deploying IPS in inline mode

When you put an IDSM2 IPS in in-line mode, use two VLANs. If you have a 4200 series sensor, use the same VLAN on both sides of the interfaces used as an in-line pair.

Mike
