Cisco Support Community

New Member

Validate PIX & IPS Network Design

Attached is my network design of the PIX and the IPS in promiscuous mode (non-inline). It doesn't look sound:

1. Is it possible to set up the IPS in non-inline mode with two sensors?

2. Can the IPS direct blocking commands to the PIX through the Desktop Management console? If not, do I need to place an internal switch for the desktop console and the command/control interfaces of the PIX and IPS?

3. Other comments/suggestions?


Re: Validate PIX & IPS Network Design

Cisco IPS Version 5.0 Sensor can be configured either in the IPS (inline) mode or the promiscuous IDS mode. If your sensor already has more than one monitoring interface, no additional hardware is required to run Cisco IPS Sensor Software Version 5.0 in the IPS (inline) mode. IPS services require at least one monitoring interface pair (two monitoring interfaces). Cisco provides the option of upgrading sensors with a single monitoring interface to support multiple monitoring interfaces. For more information on the various IDS and IPS sensor platforms and part numbers, please refer to Cisco IPS 4200 Series Data Sheet located at:

New Member

Re: Validate PIX & IPS Network Design

Thanks. Here is my question restated:

Can the IPS 4255 be configured with more than 1 sensor interface in promiscuous mode? In other words, can I configure one IPS device with two or three sensor interfaces in promiscuous mode (not inline)?

New Member

Re: Validate PIX & IPS Network Design

Thanks for the response. I understand a monitoring or sensing interface pair is required for IPS 4255 services in inline mode. In promiscuous mode, can the Cisco IPS 4255 operate with just one monitoring interface?