Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
430
Views
0
Helpful
2
Replies

IPS Design Help

alex goshtaei
Level 1
Level 1

‎10-31-2008 02:00 PM - edited ‎03-10-2019 04:21 AM

Hi All,

There are two ASA with failover and two switches, one internal switch and one DMZ switch. Both ASAs connected to two switches. Now we want to implement IPS here. we are using 4240 model. I want to use two inline interface pairs one for DMZ and one for internal. But the problem is there two ASA. If you show me high level design and how connect ASA to IPS then to switch, that would be very appreciated.

Thanks

Al

Labels:
0 Helpful
2 Replies 2

rhermes
Level 7
Level 7

‎10-31-2008 02:26 PM

Al -

use the switches to create seperate VLANS for IPS-Internal-inside

IPS-Internal-outside

IPS-DMZ-inside

IPS-DMZ-outside

Make the connections between the inside and outside VLANS thru the 4240.

Add a second eithernet cable between the inside and outside and give it a higher STP cost for failover.

0 Helpful

alex goshtaei
Level 1
Level 1
In response to rhermes

‎10-31-2008 02:40 PM

THanks for your reply,

ASA has three interfaces, one is outside, one is inside and the other one is DMZ. inside and DMZ interfaces are trunk ports with bunch of VLANs each and they are connected to two switches with trunk ports. these two switches are not connected to each other and they are connected to seperate network.

sorry for incomplete description. any suggestion would be very apprecited.

thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card