Re: Validate PIX & IPS Network Design

vxnguyen · ‎01-30-2006

Attached is my network design of the PIX and the IPS in promiscuous mode (non-inline). It doesn't look sound:

1. Is it possible to set up the IPS in non-inline mode with two sensors?

2. Can the IPS direct blocking commands to the PIX through the Desktop Management console? If not, do I need to place an internal switch for the desktop console and the command/control interfaces of the PIX and IPS?

3. Other comments/suggestions?

b.hsu · ‎02-03-2006

Cisco IPS Version 5.0 Sensor can be configured either in the IPS (inline) mode or the promiscuous IDS mode. If your sensor already has more than one monitoring interface, no additional hardware is required to run Cisco IPS Sensor Software Version 5.0 in the IPS (inline) mode. IPS services require at least one monitoring interface pair (two monitoring interfaces). Cisco provides the option of upgrading sensors with a single monitoring interface to support multiple monitoring interfaces. For more information on the various IDS and IPS sensor platforms and part numbers, please refer to Cisco IPS 4200 Series Data Sheet located at: http://www.cisco.com/go/ips

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_qanda_item0900aecd801e6a99.shtml

vxnguyen · ‎02-04-2006

Thanks. Here is my question restated:

Can the IPS 4255 be configured with more than 1 sensor interface in promiscuous mode. In other words, can I configure one IPS device with two or three sensor interfaces in Promiscuous mode (not inline).

vxnguyen · ‎02-08-2006

Thanks for the response. I understand a monitoring or sensing interface pair is required for IPS 4255 services in inline mode. In promisuous mode, can the Cisco IPS 4255 operate with just one monitoring interface.

Thanks.