https://community.cisco.com/t5/network-security/regarding-deploying-ips-in-inline-mode/m-p/909293#M85080 <HTML><HEAD></HEAD><BODY><P>Sorry, missed attaching the diagram.</P><P>Please find enclosed the diagram.</P><P></P><P> </P><P></P></BODY></HTML> Mon, 17 Dec 2007 10:06:48 GMT gautamzone 2007-12-17T10:06:48Z https://community.cisco.com/t5/network-security/regarding-deploying-ips-in-inline-mode/m-p/909292#M85074 <P>Dear friends</P><P></P><P>Just a query about operating IPS 4255 in inline mode. Currently, it is operating in promiscious mode. Now, i am planning to change to inline mode for just one segment (Internet vlan - 15) connecting the 4507 core switch 4507 and the 515 firewall.</P><P></P><P>I am planning to add another Layer 2 vlan viz. Vlan 16. The IPS can then act inline bridging traffic between vlan 16 and vlan 15.</P><P></P><P>I have enclosed a diagram for your kind reference. As you will see, the firewall and core switch are still in the same Layer 3 subnet but the firewall is in vlan 16 and not in vlan 15. </P><P></P><P>What is confusing me is the switch configuration for Switch A and B. I am not sure which ones are to be trunked and which ones are to be put in vlan 15 or 16. </P><P></P><P>This diagram just depicts the proposed plan. Can you let me know if this is correct. Any suggestion / feedback on this will really be appreciated.</P><P></P><P>Thanks a lot</P><P>Gautam</P><P></P> Sun, 10 Mar 2019 10:54:38 GMT https://community.cisco.com/t5/network-security/regarding-deploying-ips-in-inline-mode/m-p/909292#M85074 gautamzone 2019-03-10T10:54:38Z https://community.cisco.com/t5/network-security/regarding-deploying-ips-in-inline-mode/m-p/909293#M85080 <HTML><HEAD></HEAD><BODY><P>Sorry, missed attaching the diagram.</P><P>Please find enclosed the diagram.</P><P></P><P> </P><P></P></BODY></HTML> Mon, 17 Dec 2007 10:06:48 GMT https://community.cisco.com/t5/network-security/regarding-deploying-ips-in-inline-mode/m-p/909293#M85080 gautamzone 2007-12-17T10:06:48Z https://community.cisco.com/t5/network-security/regarding-deploying-ips-in-inline-mode/m-p/909294#M85085 <HTML><HEAD></HEAD><BODY><P>Why not use inline mode and a single VLAN? Why are you adding another VLAN?</P><P></P><P>-brad </P><P><A class="jive-link-custom" href="http://www.ccbootcamp.com" target="_blank">http://www.ccbootcamp.com</A> </P><P>(please rate the post if this helps!) </P><P></P></BODY></HTML> Mon, 17 Dec 2007 11:31:09 GMT https://community.cisco.com/t5/network-security/regarding-deploying-ips-in-inline-mode/m-p/909294#M85085 ccbootcamp 2007-12-17T11:31:09Z https://community.cisco.com/t5/network-security/regarding-deploying-ips-in-inline-mode/m-p/909295#M85092 <HTML><HEAD></HEAD><BODY><P>Thanks a lot Brad. But my understanding was that to put IPS in inline mode, you need to create another VLAN and use the IPS to bridge between both the Vlan's. </P><P></P><P>Can you shed more light on how do you achieve this with just one VLAN?</P><P></P><P></P><P>Thanks a lot</P><P>Gautam</P><P></P></BODY></HTML> Thu, 20 Dec 2007 13:40:48 GMT https://community.cisco.com/t5/network-security/regarding-deploying-ips-in-inline-mode/m-p/909295#M85092 gautamzone 2007-12-20T13:40:48Z https://community.cisco.com/t5/network-security/regarding-deploying-ips-in-inline-mode/m-p/909296#M85097 <HTML><HEAD></HEAD><BODY><P>When you put an IDSM2 IPS in-line mode, use two VLANs. If you have a 4200 series sensor, use the same VLAN on both sides of the interfaces used as an in-line pair.</P><P></P><P>Mike</P></BODY></HTML> Tue, 01 Jan 2008 01:45:15 GMT https://community.cisco.com/t5/network-security/regarding-deploying-ips-in-inline-mode/m-p/909296#M85097 mherald 2008-01-01T01:45:15Z