cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

625
Views
0
Helpful
1
Replies
Highlighted

Deploying 4260 into Architecture Question

Hello,

I have been tasked with updating/evaluating/integrating a Cisco 4260 into an inline state on our current network. Currently it is in promiscuous mode spanning traffic, but no profiles or device management is set to actively block traffic. Inline however are currently two existing ASA 5520's in a redundant active/standby pair. My question is, is it possible to bring 1 IPS into the equation and have it cabled inline to both ASA's. From my understanding there are 6 interfaces on the Cisco 4260, one being  the management interface, and for inline mode to work the interfaces have to work as interface pairs. This leads me to believe that either one or the other ASA can be cabled inline, but not both at the same time based on only having 1 IPS. Is this statement correct? If not please provide details on potential cabling of this device in this scenario.

Thank you,

Charles

Everyone's tags (2)
1 REPLY 1
Highlighted
Cisco Employee

Deploying 4260 into Architecture Question

Hi Charles,

You may connect the IPS 4260 to both ASAs without a problem. As the ASAs are running in an active/standby failover, traffic will only pass through one ASA at a time.

You may configure interfaces pairs o inline vlan pairs in order to save space.

http://tools.cisco.com/squish/f7C75

http://tools.cisco.com/squish/8cC04

I hope it helps.

regards,

Itzcoatl Espinosa