We have just installed an NME-IPS into our 3825 head-end router which connects all of our remote sites. We have an access list applied on the serial interface to block certain traffic coming from the remote sites. With the installation of the NME-IPS, we now also want to exclude any voice traffic from being inspected. I know this can be accomplished by adding an ACL to the ids-service-module monitoring command. My question is can both access lists be applied at the same time on the same interface. And if both can be applied, in what order to they process traffic - interface ACL then IPS ACL or vice-versa. An example of what we would like to do is shown here:
interface Serial 1/0
description Interface connecting remote sites
ip access-group 102 in
ids-service-module monitoring promiscuous access-list 103
Thanks.
Chris