
IPS (ASA) with IDS

cfajardo1_2
Level 1

If I have an ASA with the SSM module and I have VLANs configured on my LAN, how will I detect intrusion on the VLANs? Do I still need the IDS?

Thanks a lot

1 Reply

sachinraja
Level 9

Hello

The IPS or IDS comes into the picture when traffic hits the sensing interface and flows through the IPS. Now, you have VLANs on the local core switch, which is not in the IPS segment. Hence, the traffic between VLANs will not be seen or stopped by the IPS.

In case you have a 6500 chassis in your core, you can use a Network Analysis Module and see the traffic flowing on all VLANs. NetFlow can clearly give you data about the source/destination IP/port, through which you can detect attacks to a certain extent.

If you have servers that have to be protected on the VLAN, I would advise you to have Cisco Security Agent on them, which will work as a host IDS.

Hope this helps. Let us know your views on this.

Raj
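
The NetFlow approach from the reply above, as an added example that is not part of the original thread: a fan-out check over exported source/destination/port fields that flags a host reaching many distinct targets in other VLANs, which is traffic the ASA's IPS module never sees. The VLAN-to-subnet map, the threshold and the flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed VLAN-to-subnet map (hypothetical addressing, not from the thread).
VLANS = {
    10: ipaddress.ip_network("10.0.10.0/24"),
    20: ipaddress.ip_network("10.0.20.0/24"),
    30: ipaddress.ip_network("10.0.30.0/24"),
}

def vlan_of(ip):
    """Return the VLAN id whose subnet contains ip, or None if outside the LAN."""
    addr = ipaddress.ip_address(ip)
    for vid, net in VLANS.items():
        if addr in net:
            return vid
    return None

def inter_vlan_fanout(flows, threshold=5):
    """Flag sources that touch >= threshold distinct (dst, port) pairs in other VLANs."""
    targets = defaultdict(set)
    for src, dst, dport in flows:
        s, d = vlan_of(src), vlan_of(dst)
        # Keep only east-west traffic: both ends on the LAN, in different VLANs.
        if s is None or d is None or s == d:
            continue
        targets[src].add((dst, dport))
    return {src: len(t) for src, t in targets.items() if len(t) >= threshold}

# Constructed flow records (src, dst, dst_port) standing in for exported NetFlow fields.
SAMPLE_FLOWS = (
    [("10.0.10.15", "10.0.20.%d" % h, 445) for h in range(1, 9)]   # one host, 8 targets
    + [("10.0.10.22", "10.0.20.5", 443)] * 20                       # busy, but one target
    + [("10.0.30.7", "10.0.30.%d" % h, 22) for h in range(1, 9)]    # same VLAN, filtered out
    + [("10.0.20.9", "198.51.100.4", 80)]                           # leaves the LAN
)

if __name__ == "__main__":
    for src, n in inter_vlan_fanout(SAMPLE_FLOWS).items():
        print(f"{src} reached {n} distinct inter-VLAN targets")
```

Counting distinct targets rather than flow volume keeps a busy client talking to one server from being flagged.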
