Re: IPS 4215 inline mode

From: Farrukh Haroon (farrukhharoon@gmail.com)
Date: Sat Mar 31 2007 - 15:35:59 ART


Hello Edward

I forgot to mention one thing in my earlier email: apparently, with version
5.1, if you have only one monitoring interface (the built-in one), you cannot
use that port for Inline Vlan Pairs, as per:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00804cf4c2.html#wp1047981

However, it seems (I have not tested this feature yet) that on 6.0 it is
supported:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008061beaf.html#wp1049826

So with your scenario (as described in your email), I don't think the inline
VLAN pair feature would work unless you install additional interface cards,
as you only have the built-in sensing interface at your disposal.

Regards

Farrukh

On 3/31/07, Farrukh Haroon <farrukhharoon@gmail.com> wrote:
>
> Hello Edward
>
> 1) The 4215 needs at least two sensing interfaces to do regular inline.
> You need to couple both in a 'pair' for inline mode to work.
>
> 2) No, you don't configure any subnets with the IPS; its sensing interfaces
> have no IP addresses assigned at all.
>
> 3) You can use a new option, 'Inline Vlan Pair', with which you can form a
> trunk interface between the switch and IPS (using one interface only), and
> then define up to 255 Vlan pairs per interface, like
>
> Vlan 10 < > Vlan 20
> Vlan 1 < > Vlan 2
>
> and then do filtering based on Vlans, see:
>
>
> http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df7d.html#wp1047718
>
>
> http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008061beaf.html#wp1033269
>
>
> HTH
>
> Regards
>
> Farrukh
>
>
>
> On 3/31/07, Edward Norton <doubleccie@yahoo.com> wrote:
> >
> > Folks,
> > I have a 4215 with just one monitoring interface and I upgraded that box
> > to release 5.1. Will it be possible to do inline mode for the IPS 4215 with
> > just one monitoring interface by using sub-interfaces on that monitoring
> > interface?
> >
> > Another question: assume I have two physical monitoring interfaces to
> > do the inline. Will each one of those two interfaces be in a separate subnet
> > and the IPS do the routing, or does it sit as a transparent device in between?
> >
> >
> > Appreciate the assistance
> >
> >
> >
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Sun Apr 01 2007 - 06:35:53 ART