Cisco Support Community
Community Member

Implementing IDS

Hello all.

We are looking to implement IDS in our network. Here is a run down of our network. Two external routers runnning bgp to two seperate ISP. Also we have a 7100 VPN router on the external net due to the fact that we are using NHRP for the VPN. Next is the redundant Pix firewalls. Two DMZ's and the internal newtork that has our Frame cloud attached to it.

Now I am thinking of getting the 4215 put a interface on the external and the two DMZ. Then eventually getting another IDS for both the internal and Framecloud networks

THoughts Ideas.



Cisco Employee

Re: Implementing IDS

Since the 4215 will have 5 monitoring interfaces and 1 command interface, you have a lot of flexability. The device can process up to 80Mbps whether using 1 or 5 interfaces - so keep that in mind.

Placing monitoring interfaces on the outside of the firewall can lead to a tremendous number of events, some or a lot of which may be false positives, unless you are running FW Feature Set on the 7200s. The Pix pair will filter a good bit of the traffic out, so it may make sense to put the interfaces on the 2 dmzs and perhaps one on the inside. Just keep in mind the 80Mbps total can be passing to the 4215. Everything after that will not be review for matches.

Hope this helps,


CreatePlease to create content