Some users want to monitor just the traffic going in and out of their firewalls. Some want to monitor traffic going in and out of their data centers. Others want to monitor ALL internal traffic. Determining what traffic to monitor will help you to determine where you need to place your IDS.
2) Now that you've determined what to monitor, the next question is: what is the traffic rate in Mbps of that traffic? This will determine what sensor model you will need, because each sensor model has a different performance rating. Simply saying that you have Gigabit Ethernet connections is not enough, because these may only be sending 5 Mbps or could be sending close to 2 Gbps. Or your internal traffic may be 1 Gbps but you may only want to monitor your firewall traffic, which may only be 100 Mbps.
The IDS-4250-XL for example can monitor up to 1 Gbps of traffic, but it can be expensive. If your traffic rates are low enough then you may be able to get away with the less expensive IDS-4235 that can monitor
3) Now consider how the traffic flows through your environment.
Is traffic load balanced across switches? If so, you need to find out how the load balancing works. The sensor needs to see both the client packets and the server packets for the same connection to properly monitor that connection. If the load balancer will place both server and client packets on the same switch, then you can have one IDS monitor one switch and another IDS monitor another switch. This would mean 2 IDS sensors each with just a single interface, or 1 IDS sensor with 2 interfaces.
BUT if client traffic goes across one switch and server traffic across another, then one IDS may need to monitor BOTH switches. This would mean 1 IDS with 2 or more interfaces.
Are there 2 switches configured to be failover/redundant rather than load balanced? Then one sensor may be able to watch both switches, because only one will be active at a time. This would mean 1 IDS sensor with at least 2 interfaces.
Sensors that can receive traffic from more than one switch require more than one sensing interface. Here are the available options:
IDS-4215 with the 4FE card - provides 5 10/100 TX interfaces - aggregate performance is 80 Mbps
IDS-4235 with the 4FE card - provides 4 10/100 TX interfaces and 1 10/100/1000 TX interface - aggregate performance is 250 Mbps
IDS-4250-TX with the 4FE card - provides 4 10/100 TX interfaces and 1 10/100/1000 TX interface - aggregate performance is 500 Mbps
IDS-4250-SX - provides 1 10/100/1000 TX interface and 1 1000 SX interface - aggregate performance is 500 Mbps
NOTE: Aggregate performance is how many Mbps the sensor can handle based on its CPU and memory, regardless of the number of NICs being monitored. For example, with the IDS-4235 with the 4FE card, you could monitor 250 Mbps with one port, or 50 Mbps on each of 5 ports, or 100 Mbps on 2 ports and 50 Mbps on a 3rd.
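The sizing rule from the NOTE above, as an added example that is not part of the original post: given the peak Mbps of each switch feed you need to monitor, it lists which of the four multi-interface options would fit. The function names, the 100 Mbps ceiling assumed for a 10/100 port, and treating both IDS-4250-SX ports as gigabit-capable regardless of copper or fiber media are assumptions of this example.

```python
# Multi-interface options as listed in the post:
# (model, 10/100 ports, gigabit-capable ports, aggregate Mbps)
SENSORS = [
    ("IDS-4215 + 4FE", 5, 0, 80),
    ("IDS-4235 + 4FE", 4, 1, 250),
    ("IDS-4250-TX + 4FE", 4, 1, 500),
    ("IDS-4250-SX", 0, 2, 500),  # assumption: TX and SX ports treated alike
]

FE_LINK_MBPS = 100   # assumption: a 10/100 port carries at most 100 Mbps
GE_LINK_MBPS = 1000  # assumption: a gigabit port carries at most 1000 Mbps


def fits(sensor, feeds_mbps):
    """True if every feed gets its own port and the sum stays within the
    sensor's aggregate rating (CPU/memory bound, independent of port count)."""
    _, fe_ports, ge_ports, aggregate = sensor
    if sum(feeds_mbps) > aggregate:
        return False
    if any(rate > GE_LINK_MBPS for rate in feeds_mbps):
        return False
    # Feeds faster than a 10/100 link can only land on a gigabit-capable port.
    needs_ge = sum(1 for rate in feeds_mbps if rate > FE_LINK_MBPS)
    if needs_ge > ge_ports:
        return False
    # Slower feeds may use the 10/100 ports or any gigabit port left over.
    return len(feeds_mbps) <= fe_ports + ge_ports


def candidates(feeds_mbps):
    """Models from the list above that can monitor all the given feeds."""
    return [s[0] for s in SENSORS if fits(s, feeds_mbps)]


if __name__ == "__main__":
    # Constructed scenarios: one entry per monitored switch feed, peak Mbps.
    for feeds in ([250], [50] * 5, [100, 100, 50], [200, 200], [300, 300]):
        print(feeds, "->", candidates(feeds) or "no single listed sensor fits")
```

The `[200, 200]` case shows why aggregate performance alone is not enough: it is under 500 Mbps, but each feed needs its own gigabit-capable port, which only one of the listed options provides.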