
Two 6500 One IPS 4260


We have two 6509 switches and one IPS 4260 appliance (to protect servers). All the servers are homed directly on to the core switches. There is no server aggregation switch. So we plan to use the IPS in promiscuous mode. The server VLAN will be on HSRP. So should the IPS be connected to only the core switch where the server VLAN is active, and when there is a failure of that core, manually connect it to the other core? Basically we would also like to use the TCP reset feature. But a sensing interface cannot do a reset. So how can the IPS be properly placed in this scenario?

Thanks in advance.


Re: Two 6500 One IPS 4260

I believe you can send TCP reset on the sensing interface as well.

You only need to specify the ingress VLAN on the switch port to which the IPS sensing interface is connected.

Something like this, if the server VLAN is VLAN 100:

monitor session 1 source vlan 100 rx

monitor session 1 destination interface Fa0/20 ingress vlan 100

And for redundancy, can you use two physical interfaces of the IPS, each connecting to a different switch, with the traffic monitored on the active switch interface?

Hope this helps.


Re: Two 6500 One IPS 4260

Hi, thanks for the reply. Actually, on the 6500s we have FWSMs as well, and the default gateways for the servers are the FWSM. Basically we would like to protect the server farm from internal users using one IPS 4260 appliance. (There is a separate IPS for outside users.) Is it possible to do this in inline VLAN pair mode in this scenario? I.e. server switchport in VLAN 22 (L2 VLAN), VLAN 2 pushed to the FWSM as interface VLAN 2 for the gateway of the servers. The physical port that connects the IPS appliance to the core would be a trunk allowing both 22 and 2, with the mapping done on the IDS and then the traffic sent to the FWSM. Is this feasible in this scenario?

Thanks in advance.
