Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
671
Views
12
Helpful
9
Replies

IPS 4240 on the Internet edge with the ASA 5520

Ibrahim Jamil
Level 6
Level 6

‎02-21-2012 10:49 AM - edited ‎03-04-2019 03:22 PM

Hi Guys

Pls can u help me to setup the Physical connectively of IPS 4240 on the Internet edge with  the ASA 5520 ,Pls how the topology will be

Pls Have a look to the attached Topoogy,if this a good design with IPS Appliance at nternet Edge

thanks

Labels:
122945-IPS-Physical-Connectivity.vsd.zip
0 Helpful
9 Replies 9

Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-22-2012 01:23 PM

While inline as you show would work (and is arguably more secure), some folks prefer to have the appliance's interfaces both connected to the internal switch on an "inside" and "outside" VLAN.

That is a bit easier to implement and, should it ever need to be taken offliner it can be done with simple switch configuration vs. moving cables.

I wonder if you also need to protect a DMZ with IPS?

Vivek Ganapathi
Level 4
Level 4

‎02-22-2012 05:38 PM

As Marvin said, injecting an IPS inline to the path serves as the best protection as each every traffic in the path would be analyzed. The only issue with your IPS model accompanied with inline mode is, there is a lack of hardware inline bypass. But , it supports software bypass.

Thanks

Vivek

Ibrahim Jamil
Level 6
Level 6
In response to Vivek Ganapathi

‎02-23-2012 02:52 AM

Guys

Pls can y update the topology with ideal design

thanks

0 Helpful

Vivek Ganapathi
Level 4
Level 4
In response to Ibrahim Jamil

‎02-23-2012 03:27 AM

Whatever you have in place is an ideal design.

Ibrahim Jamil
Level 6
Level 6
In response to Vivek Ganapathi

‎02-23-2012 08:56 AM

guys

Pls one Favor,can u update the topology with two IPS for redundancy at the Internet edge,how the physical connectivity would appear

thanks

0 Helpful

Vivek Ganapathi
Level 4
Level 4
In response to Ibrahim Jamil

‎02-23-2012 05:28 PM

Based on your diagram i don't see a point of having redundant IPS when you don't have a redundant firewall, router & switch.

0 Helpful

Ibrahim Jamil
Level 6
Level 6
In response to Vivek Ganapathi

‎02-24-2012 01:59 AM

Hi Vivek

I m going to have redundant fashion at the Internet edge

0 Helpful

Vivek Ganapathi
Level 4
Level 4
In response to Ibrahim Jamil

‎02-24-2012 03:27 AM

Does that mean, you would have dual internet + router + Firewall + Switch?

Thanks

Vivek

0 Helpful

Ibrahim Jamil
Level 6
Level 6
In response to Vivek Ganapathi

‎02-24-2012 04:24 AM

Hi Vivek

yes y right, 2 Internet router (3825) 2 asa 5520 2 ips 4240 2 core 4500, acting as core

Pls vivek can u draw the topology for me for the IPSs,routers,ASAs at the Internet edge that describe the physical connectivity of the devices

frankly speaking  i didn't find diagram matching the described topolgoy so i seeking ur help

thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card