Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
843
Views
0
Helpful
1
Replies

Deploying 4260 into Architecture Question

Charles Shemonek
Level 1
Level 1

‎09-23-2013 08:16 AM - edited ‎03-10-2019 06:03 AM

Hello,

I have been tasked with updating/evaluating/integrating a Cisco 4260 into an inline state on our current network. Currently it is in promiscuous mode spanning traffic, but no profiles or device management is set to actively block traffic. Inline however are currently two existing ASA 5520's in a redundant active/standby pair. My question is, is it possible to bring 1 IPS into the equation and have it cabled inline to both ASA's. From my understanding there are 6 interfaces on the Cisco 4260, one being  the management interface, and for inline mode to work the interfaces have to work as interface pairs. This leads me to believe that either one or the other ASA can be cabled inline, but not both at the same time based on only having 1 IPS. Is this statement correct? If not please provide details on potential cabling of this device in this scenario.

Thank you,

Charles

Labels:
0 Helpful
1 Reply 1

Itzcoatl Espinosa
Cisco Employee
Cisco Employee

‎10-01-2013 03:52 PM

Hi Charles,

You may connect the IPS 4260 to both ASAs without a problem. As the ASAs are running in an active/standby failover, traffic will only pass through one ASA at a time.

You may configure interfaces pairs o inline vlan pairs in order to save space.

http://tools.cisco.com/squish/f7C75

http://tools.cisco.com/squish/8cC04

I hope it helps.

regards,

Itzcoatl Espinosa

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card