Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
589
Views
0
Helpful
5
Replies

ASA 5525-X IPS with Transparent Mode

Go to solution
avilt
Level 3
Level 3

‎12-01-2013 05:02 AM - edited ‎03-11-2019 08:11 PM

Can I implement the new ASA 5525-X IPS in transparent mode? Can I still have fail open features with it? What are the pros and cons with this mode?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to avilt

‎12-01-2013 08:37 PM

Hello,

That for sure, no problem.

The IPS can sit inline

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎12-01-2013 10:30 AM

Hello,

Sure you can.

Regarding the IPS and Firewall there are no such restrictions.

Restrictions would be with the way the ASA behaves.

EX:

No  VPN support

No routing protocols.

Stuff like that buddy

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
avilt
Level 3
Level 3
In response to Julio Carvajal

‎12-01-2013 11:30 AM

So all I need to do is from the active firewall inside interface--> connect it to ASA IPS ----> L3 switch.

IPS will be active only when the primary firewall is active.

Do I need to allow any specific rules on IPS for the ASA HA pair to work when I insert IPS in between primary and the L3 switch?

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to avilt

‎12-01-2013 01:33 PM

Hello,

Remember that the ASA 5500-X Family use a software based IPS. So no physical interface to connect but logicals.

Now, you are talking about fail-over between ASAs. Before was fail-open and fail-closed with the IPS itself.

The answer to the last question is yes, if the active ASA fails then the ASA will too. There will be a switchover.

No special rules, no worry. From the IPS perspective it will work the same.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
avilt
Level 3
Level 3
In response to Julio Carvajal

‎12-01-2013 08:24 PM

Can I have ASA-IPS in inline mode with transparent mode as well?

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to avilt

‎12-01-2013 08:37 PM

Hello,

That for sure, no problem.

The IPS can sit inline

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card