https://community.cisco.com/t5/network-security/general-4215-question/m-p/532927#M98534 <HTML><HEAD></HEAD><BODY><P>Thanks. My FE0/0 is my management port and I will be using FE1/0 and FE1/1 for sensing (leaving open FE0/1, FE1/2. amd FE1/3 open for future use). I'd like to inspect traffic for a PIX firewall bound at 100Mbps, so I'm not losing too much in terms of throughput. Would my approach work with the given configuration? </P></BODY></HTML> Thu, 04 May 2006 00:24:19 GMT ryanwilhelm 2006-05-04T00:24:19Z https://community.cisco.com/t5/network-security/general-4215-question/m-p/532922#M98529 <P>I'm quite a newbie to the IDS 4215 configuration; however, we just received ours in-house and I would like to run through the set-up with some experts prior to an extended test. </P><P></P><P>My question, I have the cables from Fe1/1 and Fe1/2 plugged into two Gigabit ports on our 6509. I have two destination ports (the ports that ultimately connect back to the Fe ports on the 4215) specified on the 6509 and one source port (our PIX router port connected to the 6509). </P><P></P><P>Given the config info below and the details from above, do I have the cabling correct and will this approach work? </P><P>--Config</P><P>virtual-sensor vs0 </P><P>description default virtual sensor</P><P>logical-interface idspair1 </P><P>exit</P><P>exit</P><P>! ------------------------------</P><P>service interface</P><P>physical-interfaces FastEthernet0/0 </P><P>duplex full</P><P>speed 100</P><P>exit</P><P>physical-interfaces FastEthernet0/1 </P><P>description sensing interface</P><P>admin-state enabled</P><P>duplex full</P><P>speed 100</P><P>alt-tcp-reset-interface none</P><P>exit</P><P>physical-interfaces FastEthernet1/0 </P><P>description Sensing Pair - Part 1</P><P>admin-state enabled</P><P>duplex full</P><P>speed 100</P><P>alt-tcp-reset-interface interface-name FastEthernet1/2</P><P>exit</P><P>physical-interfaces FastEthernet1/1 </P><P>description Sensing Pair - Part 2</P><P>admin-state enabled</P><P>duplex full</P><P>speed 100</P><P>alt-tcp-reset-interface interface-name FastEthernet1/3</P><P>exit</P><P>inline-interfaces idspair1 </P><P>description Initial Pair</P><P>interface1 FastEthernet1/0</P><P>interface2 FastEthernet1/1</P><P></P> Sun, 10 Mar 2019 09:59:52 GMT https://community.cisco.com/t5/network-security/general-4215-question/m-p/532922#M98529 ryanwilhelm 2019-03-10T09:59:52Z https://community.cisco.com/t5/network-security/general-4215-question/m-p/532923#M98530 <HTML><HEAD></HEAD><BODY><P>Ignore the Fe0/1 interface since I just have it established for promiscuous mode monitoring. I would ultimately like to have this device perform in-line IPS functionality. Do I need to somehow return the packets from the "monitor session" commands issued on the 6509? </P><P></P><P>Thanks for the anticipated help!</P><P></P><P>Cheers.</P></BODY></HTML> Tue, 02 May 2006 02:35:02 GMT https://community.cisco.com/t5/network-security/general-4215-question/m-p/532923#M98530 ryanwilhelm 2006-05-02T02:35:02Z https://community.cisco.com/t5/network-security/general-4215-question/m-p/532924#M98531 <HTML><HEAD></HEAD><BODY><P>Hi ryanwihelm:</P><P></P><P>Im sorry but I'm confused with your post.</P><P></P><P>If you want to do inline IPS then you must to conect FE0/1 to the pix, and FE0/2 to the shitch. Then all the trafic go through the IPS.</P><P>Don't forget to conect FE0/0 to the switch (perhaps in other vlan) for management reasons.</P><P></P><P>This response help to you?</P><P></P><P>Another comment, Do you know the max througput you have with 4215 is 65 Mbps?</P><P></P><P>Best regards</P><P></P><P>Alberto Giorgi from spain (a new kid in this block)</P><P></P><P></P></BODY></HTML> Wed, 03 May 2006 21:36:51 GMT https://community.cisco.com/t5/network-security/general-4215-question/m-p/532924#M98531 a.giorgi 2006-05-03T21:36:51Z https://community.cisco.com/t5/network-security/general-4215-question/m-p/532925#M98532 <HTML><HEAD></HEAD><BODY><P>Hi ryanwihelm:</P><P></P><P>Im sorry but I'm confused with your post.</P><P></P><P>If you want to do inline IPS then you must to conect FE0/1 to the pix, and FE0/2 to the shitch. Then all the trafic go through the IPS.</P><P>Don't forget to conect FE0/0 to the switch (perhaps in other vlan) for management reasons.</P><P></P><P>This response help to you?</P><P></P><P>Another comment, Do you know the max througput you have with 4215 is 65 Mbps?</P><P></P><P>Best regards</P><P></P><P>Alberto Giorgi from spain (a new kid in this block)</P><P></P><P></P></BODY></HTML> Wed, 03 May 2006 21:38:22 GMT https://community.cisco.com/t5/network-security/general-4215-question/m-p/532925#M98532 a.giorgi 2006-05-03T21:38:22Z https://community.cisco.com/t5/network-security/general-4215-question/m-p/532926#M98533 <HTML><HEAD></HEAD><BODY><P>Hi ryanwihelm:</P><P></P><P>Im sorry but I'm confused with your post.</P><P></P><P>If you want to do inline IPS then you must to conect FE0/1 to the pix, and FE0/2 to the shitch. Then all the trafic go through the IPS.</P><P>Don't forget to connect FE0/0 to the switch (perhaps in other vlan) for management reasons.</P><P></P><P>This response help to you?</P><P></P><P>Another comment, Do you know the max througput you have with 4215 is 65 Mbps?</P><P></P><P>Best regards</P><P></P><P>Alberto Giorgi from spain (a new kid in this block)</P><P></P><P></P></BODY></HTML> Wed, 03 May 2006 21:38:23 GMT https://community.cisco.com/t5/network-security/general-4215-question/m-p/532926#M98533 a.giorgi 2006-05-03T21:38:23Z https://community.cisco.com/t5/network-security/general-4215-question/m-p/532927#M98534 <HTML><HEAD></HEAD><BODY><P>Thanks. My FE0/0 is my management port and I will be using FE1/0 and FE1/1 for sensing (leaving open FE0/1, FE1/2. amd FE1/3 open for future use). I'd like to inspect traffic for a PIX firewall bound at 100Mbps, so I'm not losing too much in terms of throughput. Would my approach work with the given configuration? </P></BODY></HTML> Thu, 04 May 2006 00:24:19 GMT https://community.cisco.com/t5/network-security/general-4215-question/m-p/532927#M98534 ryanwilhelm 2006-05-04T00:24:19Z https://community.cisco.com/t5/network-security/general-4215-question/m-p/532928#M98535 <HTML><HEAD></HEAD><BODY><P>Ryan:</P><P></P><P>Yes it will work.</P><P>Whith your configuration you will be able to inspect the traffic to and from Internet.</P><P></P><P>In a future I suggest you configure the rest of the interfaces to sense the internal traffic. You can SPAN a couple of port of your switch (e.g. for differents VLANs) and use de IDS in the promiscuous mode.</P><P></P><P>I hope this help (please rate it this post and the previous one).</P><P></P><P>Best regards.</P><P></P><P>Alberto Giorgi from spain</P><P></P><P></P></BODY></HTML> Thu, 04 May 2006 06:32:16 GMT https://community.cisco.com/t5/network-security/general-4215-question/m-p/532928#M98535 a.giorgi 2006-05-04T06:32:16Z