Best deployment of IDS and PIX

dmgore
Level 1

Hi Guys,

I am going to execute a project involving the deployment of a Cisco IDS 4215 and a PIX 515E at a primary and a disaster recovery site, one of each. The primary site is connected to the DR site with a leased line, terminated by 2691 and 1700 routers. Similarly, each site is going to connect to the data center through leased lines.

What would be the best network setup one can deploy to maintain security?

Thanks

Sam

1 Reply

flyingmunk
Level 1

The answers you receive to this question are going to be very subjective. And since you've left many gaps in the details, the question is that much harder to answer with any sense of giving you an applicable solution.

You need to look at these sites and decide where the good guys are, and the bad. Is everyone behind the Pix trusted? Are you concerned about the traffic from the disaster recovery site to the primary site? Is there any outside traffic, i.e., Internet access?

If you have a single point of entry (the Pix) and you want to monitor traffic coming from outside the Pix in, then IMHO I would place the sniffing interface inside the Pix. If you place the sniffing interface outside the Pix, you will be logging/monitoring lots of traffic that you probably won't care about, since hopefully the Pix will block it.

If you place the sniffing interface behind the Pix, then the sniffing interface is only looking at filtered traffic, which will be easier to manage. Also, in this configuration, you can use the Pix to shun certain traffic.

Additionally, if you get a 4215 with the quad card, this will give you more options on where to monitor traffic.

Again, this is really a tough question to answer, because we don't know your complete topology.

Take a look at this SAFE Blueprint that I pasted below; it might be of some help.

http://www.cisco.com/en/US/partner/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a00801bc111.shtml

Also, you might want to pose your question on one of the IDS forums. Try the forum on 'www.securityfocus.com'. Your question isn't really specific to Cisco IDS deployment, and there is a large, experienced audience that participates in the above-mentioned forum.

thanks,

chris
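To make the "inside vs. outside the Pix" trade-off from the reply above concrete, here is an added example (not from the original thread or from Cisco) that simulates a first-match, default-deny filter and counts which flows a sensor would see at each position. The policy, addresses and sample flows are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed illustration: a tiny stateless "PIX-like" ACL evaluator so we
# can count what a sniffing interface sees outside vs inside the firewall.

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str              # CIDR
    dst: str              # CIDR
    dport: Optional[int]  # None = any destination port

# Hypothetical policy: HTTP/HTTPS from anywhere to one web host, anything
# from the DR site LAN to the primary LAN, implicit deny for the rest.
INSIDE_NET = "10.1.0.0/16"
DR_NET = "10.2.0.0/16"
WEB_HOST = "10.1.10.5/32"
POLICY = [
    Rule("permit", "0.0.0.0/0", WEB_HOST, 80),
    Rule("permit", "0.0.0.0/0", WEB_HOST, 443),
    Rule("permit", DR_NET, INSIDE_NET, None),
]

def permitted(flow: Flow, policy: List[Rule] = POLICY) -> bool:
    """First matching rule wins; no match means deny, like an ACL."""
    for r in policy:
        if (ip_address(flow.src) in ip_network(r.src)
                and ip_address(flow.dst) in ip_network(r.dst)
                and (r.dport is None or r.dport == flow.dport)):
            return r.action == "permit"
    return False

def sensor_view(flows: List[Flow], position: str) -> List[Flow]:
    """Outside the Pix the sensor sees every flow; inside, only permitted ones."""
    if position == "outside":
        return list(flows)
    return [f for f in flows if permitted(f)]

# Constructed sample traffic: one web hit, two Internet probes to blocked
# ports, DR-to-primary file sharing, and an Internet probe at a database port.
SAMPLE = [
    Flow("203.0.113.7", "10.1.10.5", 80),
    Flow("203.0.113.7", "10.1.10.5", 22),
    Flow("203.0.113.7", "10.1.10.5", 3389),
    Flow("10.2.5.9", "10.1.20.20", 445),
    Flow("198.51.100.3", "10.1.20.20", 1433),
]
```

Comparing `len(sensor_view(SAMPLE, "outside"))` with `len(sensor_view(SAMPLE, "inside"))` shows the noise reduction the reply describes: the inside sensor only has to analyse flows the Pix already let through.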
