From: Travis Niedens (niedentj@hotmail.com)
Date: Thu Mar 12 2009 - 19:31:06 ARST
Prashant,
Which IPS product were you going to use? IPS doesn't necessarily drop
encrypted traffic. I have seen IPS implementations done with both of the
solutions you mention. Much of this choice has to do with your environment and
what goals you are really trying to meet. In fact, there have been times
where I implemented an IPS on both sides to keep all unnecessary traffic from
hitting the firewall to avoid traffic flows that cause overload of the FW's
memory and CPU.
Travis
> Date: Thu, 12 Mar 2009 18:02:27 +0300
> Subject: ASA(VPN ) and IPS Correct Placement ??
> From: jockeywearer@gmail.com
> To: ccielab@groupstudy.com; security@groupstudy.com
>
> Hi Security Experts,
>
> Currently we have setup
>
> Topology 1
> 1)Internet Router --- IPS(Inline)-----ASA-----core switch 6500
>
> as per the requirement my management need to Use Cisco ASA as VPN Server so
>
> Internet users will connect to ASA by VPN client and SSL client
> should I need to change the place of IPS ?
>
> Topology 2
> 2)Internet Router---ASA---IPS(Inline)---core sw6500
>
> Can I keep same topology(1) and configure something on IPS as I come to know
> IPS drops encrypted traffic.
>
> what is the proper design ? and what I need to configure on IPS to work with
> Topology(1)
>
> any update appreciated.
>
> Many Thanks
> Prashant.
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:04 ART