New Member

IPS 4240 on the Internet edge with the ASA 5520

Hi Guys

Please can you help me set up the physical connectivity of the IPS 4240 on the Internet edge with the ASA 5520? What will the topology be?

Please have a look at the attached topology. Is this a good design, with the IPS appliance at the Internet edge?

thanks

9 REPLIES
Hall of Fame Super Silver

IPS 4240 on the Internet edge with the ASA 5520

While inline as you show would work (and is arguably more secure), some folks prefer to have the appliance's interfaces both connected to the internal switch on an "inside" and "outside" VLAN.

That is a bit easier to implement and, should it ever need to be taken offline, it can be done with simple switch configuration vs. moving cables.

I wonder if you also need to protect a DMZ with IPS?

IPS 4240 on the Internet edge with the ASA 5520

As Marvin said, injecting an IPS inline into the path serves as the best protection, as all traffic in the path would be analyzed. The only issue with your IPS model in inline mode is that it lacks hardware inline bypass. But it supports software bypass.

Thanks

Vivek

New Member

IPS 4240 on the Internet edge with the ASA 5520

Guys

Please can you update the topology with the ideal design?

thanks

IPS 4240 on the Internet edge with the ASA 5520

Whatever you have in place is an ideal design.

New Member

IPS 4240 on the Internet edge with the ASA 5520

guys

Please, one favor: can you update the topology with two IPSs for redundancy at the Internet edge? How would the physical connectivity appear?

thanks

IPS 4240 on the Internet edge with the ASA 5520

Based on your diagram, I don't see the point of having a redundant IPS when you don't have a redundant firewall, router and switch.

New Member

IPS 4240 on the Internet edge with the ASA 5520

Hi Vivek

I am going to have it in redundant fashion at the Internet edge.

IPS 4240 on the Internet edge with the ASA 5520

Does that mean you would have dual Internet + router + firewall + switch?

Thanks

Vivek

New Member

IPS 4240 on the Internet edge with the ASA 5520

Hi Vivek

Yes, you are right: 2 Internet routers (3825), 2 ASA 5520s, 2 IPS 4240s and 2 core 4500s, acting as core.

Please, Vivek, can you draw the topology for me for the IPSs, routers and ASAs at the Internet edge, describing the physical connectivity of the devices?

Frankly speaking, I didn't find a diagram matching the described topology, so I am seeking your help.

thanks
