I have a single PIX setup w/ only internal and external zones. I was wondering how long it should take me to install and configure a 4235 IDS behind my PIX. I am curious and would like to monitor if any attacks are actually getting through my PIX. I also have a client that would like me to have an IDS implemented before they decide to host with my company. Unfortunately I have no experience with the Cisco IDS, so any help would be appreciated. I understand that there are MANY ways to configure the IDS depending on your network layout. I am merely looking for a "ballpark" figure for an IDS implementation in a simple network with only one PIX.
Setting up a 4235 should take you about ~10 minutes to get up and running, excluding the physical hookups. That is the easy part. The more difficult task is tuning the IDS for your particular environment. Out of the box, the IDS should provide pretty good coverage, but it's strongly advised that you spend some time to properly tune the sensor. The IDS documentation covers all of the fine points.