Estela,
if you have to use an inline vlan pair, then inside and outside of the
IPS are going to be in the same interface.
You say you have two switches, you will have to connect them somehow,
so both inside and outside can be vlans of the DMZ-switch.
Do you have the same vlans in both switches already ? If not,
the link can be an access link joining the ASA-SW DMZ vlan to
a DMZ-SW outside vlan. Then create an inside vlan and put
both (inside and outside) in a trunk port to the IPS.
-Carlos
estela Mathew @ 10/02/2011 03:52 -0300 dixit:
> Hello,
>
> Topology:
>
> ASA------>ASA-SW------->IPS-------->DMZ-SW-------->Servers
>
> I have a DMZ in my ASA i have kept IPS in between the ASA and Servers, I
> have IPS 4240 i want to configure inline vlan pair,How can i do it,
>
> IPS gig0/0 is connected to DMZ-SWITCH and IPS gig0/1 is connected to
> ASA-SWITCH what will be the vlan pair, I have only 1 subnet in DMZ
> 192.168.10.0/27.
>
> Please don't suggest IPS Inline interface pair becz i know it can work
> easily Customer is insisting me to do inline vlan pairing.
>
> I have seen the configuration example from cisco but still i have
> doubts,Suppose if i create a vlan pair between vlan 1 and vlan 2 on gig0/0
> then what pairing will be on gig0/1 which is connected to ASA-SW, ihave only
> 1 subnet in DMZ .
>
> Please help
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
-- Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina Blogs and organic groups at http://www.ccie.netReceived on Thu Feb 10 2011 - 08:31:03 ART
This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:50 ART