[c-nsp] Re: cisco-nsp Digest, Vol 33, Issue 124

Grant Moerschel gm at wavegard.com
Wed Aug 31 12:20:23 EDT 2005 

4215's support Cisco IPS 5.0 code out of the box.  This code can support 
inline (IPS) mode or promiscuous (IDS) mode or both simulateously if you 
have enough interfaces.  To do inline you must use 1 pair of 4215 
interfaces, one to the core and one to the router. Essentially all 
packets will traverse thru the IPS box going to and from the core to the 
router. During traversal, packets are analyzed. You can configure a 
signature response action to do an "inline drop" if a signature fires. 
Proper IPS tuning is a must since if your inline drops are fasle 
positive, you can easily DoS yourself.

==================================================
Grant P. Moerschel CISSP, CCSP, CCNP, CWNT
WaveGard, Inc.
Information Security Solutions
Consulting * Training * Integration
+1.703.568.5077 * gm at wavegard.com

> Message: 6
> Date: Wed, 31 Aug 2005 11:30:49 -0400
> From: "Paul Stewart" <pstewart at nexicomgroup.net>
> Subject: [c-nsp] Cisco IPS 4200's
> To: <cisco-nsp at puck.nether.net>
> Message-ID:
> 	<89D27DE3375BB6428DDCC2927489826A05F1DC at nexus.nexicomgroup.net>
> Content-Type: text/plain;	charset="us-ascii"
> 
> Anyone use these?  Any thoughts on them?
> 
> I have one specific question on the 4215's for example:
> 
> Can a pair of them be put inline to "work together" like a cluster?
> Here's an example why I ask....
> 
> Cisco 3662 Router with 3FE's
> 1FE is inbound trunk ports
> (2)FE's are outbound OSPF traffic to the core routers
> 
> I'd like to put an IPS on each of the 2 FE ports leaving the router
> towards the core.... Can this be done?  I'm using this model because if
> it was a 7513 for example with 6 FE's coming in and then 2 GE's leaving,
> I'd rather put them inline on the interfaces going towards the core...
> Is this correct?
> 
> Thanks,
> 
> Paul Stewart
> 
> 
> 
> 
> ------------------------------
> 
> _______________________________________________
> cisco-nsp mailing list
> cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> 
> 
> End of cisco-nsp Digest, Vol 33, Issue 124
> ******************************************

More information about the cisco-nsp mailing list