https://community.cisco.com/t5/network-security/ids-4210/m-p/725106#M86994 <P>I noticed that the model IDS-4210 does not do INLINE inspection on software 5.1(3)</P><P></P><P>Will it do on newer versions ? or the 4210 cannot do it period ?</P> Sun, 10 Mar 2019 10:33:43 GMT Rodrigo Gurriti 2019-03-10T10:33:43Z https://community.cisco.com/t5/network-security/ids-4210/m-p/725106#M86994 <P>I noticed that the model IDS-4210 does not do INLINE inspection on software 5.1(3)</P><P></P><P>Will it do on newer versions ? or the 4210 cannot do it period ?</P> Sun, 10 Mar 2019 10:33:43 GMT https://community.cisco.com/t5/network-security/ids-4210/m-p/725106#M86994 Rodrigo Gurriti 2019-03-10T10:33:43Z https://community.cisco.com/t5/network-security/ids-4210/m-p/725107#M86996 <HTML><HEAD></HEAD><BODY><P>There are 2 types of inline inspection:</P><P>inline interface pairs - 2 physical interfaces are paired together and the inspection is done inline as the packets are passed between the 2 interfaces</P><P></P><P>inline vlan pairs - 1 physical interface is connected to a switch using a trunk port, 2 vlans on the trunk port are paired together and the inspection is done inline as the packets are switched between the 2 vlans</P><P></P><P>The IDS-4210 only have one monitoring interface, and so you can not create inline interface pairs.</P><P>But the IDS-4210 Does support inline vlan pairs on that one monitoring interface.</P><P></P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/cliguide/cliinter.htm#wp1057307" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/cliguide/cliinter.htm#wp1057307</A></P><P></P></BODY></HTML> Thu, 12 Apr 2007 14:09:38 GMT https://community.cisco.com/t5/network-security/ids-4210/m-p/725107#M86996 marcabal 2007-04-12T14:09:38Z https://community.cisco.com/t5/network-security/ids-4210/m-p/725108#M87000 <HTML><HEAD></HEAD><BODY><P>Thank you </P><P></P><P>But one more question </P><P></P><P>The 4210 would have to act like a router to direct the packets from the internet to the inside network ?</P><P></P><P>I tried to look on configuration guides but they have no examples.</P><P></P><P>I assume that the network scheme would look something like this:</P><P></P><P>router ---vlan1 </P><P>IDS ---vlan1/2</P><P>inside ---vlan2 </P><P></P><P>am I right ? </P><P></P><P>PS. thank you marcabal for your post </P></BODY></HTML> Thu, 12 Apr 2007 17:48:03 GMT https://community.cisco.com/t5/network-security/ids-4210/m-p/725108#M87000 Rodrigo Gurriti 2007-04-12T17:48:03Z https://community.cisco.com/t5/network-security/ids-4210/m-p/725109#M87002 <HTML><HEAD></HEAD><BODY><P>Yes and No</P><P></P><P>The scheme you wrote up is right, but it does NOT route between vlan 1 and vlan 2.</P><P>The IPS will instead switch or bridge packets between vlan 1 and vlan 2.</P><P></P><P>What this means is that the IP Address on the router's vlan 1 interface MUST be in the same IP Subnet as the IP Address on the inside vlan.</P><P>The IPS will simply take the packets on vlan 1 and put them on vlan 2 (and vice versa), it will not "route" packets between 2 IP Subnets so the same IP Subnet must be used in both vlan 1 and vlan 2.</P><P></P><P></P></BODY></HTML> Thu, 12 Apr 2007 18:01:05 GMT https://community.cisco.com/t5/network-security/ids-4210/m-p/725109#M87002 marcabal 2007-04-12T18:01:05Z