topic IPS Design Help in Network Security

IPS Design Help

alex goshtaei — Sun, 10 Mar 2019 11:21:17 GMT

Hi All,

There are two ASA with failover and two switches, one internal switch and one DMZ switch. Both ASAs connected to two switches. Now we want to implement IPS here. we are using 4240 model. I want to use two inline interface pairs one for DMZ and one for internal. But the problem is there two ASA. If you show me high level design and how connect ASA to IPS then to switch, that would be very appreciated.

Thanks

Re: IPS Design Help

rhermes — Fri, 31 Oct 2008 21:26:50 GMT

Al -

use the switches to create seperate VLANS for IPS-Internal-inside

IPS-Internal-outside

IPS-DMZ-inside

IPS-DMZ-outside

Make the connections between the inside and outside VLANS thru the 4240.

Add a second eithernet cable between the inside and outside and give it a higher STP cost for failover.

Re: IPS Design Help

alex goshtaei — Fri, 31 Oct 2008 21:40:13 GMT

THanks for your reply,

ASA has three interfaces, one is outside, one is inside and the other one is DMZ. inside and DMZ interfaces are trunk ports with bunch of VLANs each and they are connected to two switches with trunk ports. these two switches are not connected to each other and they are connected to seperate network.

sorry for incomplete description. any suggestion would be very apprecited.

thanks