Re: IPS INLINE VLAN

From: Samuel Jack <jacksamuel32_at_gmail.com>
Date: Thu, 10 Feb 2011 17:21:47 +0400

Hello Carlos,

Very good explanation.

Can you explore the paragraph below a bit more? I have understood it, but I
want to be more clear:

Do you have the same vlans in both switches already ? If not,
the link can be an access link joining the ASA-SW DMZ vlan to
a DMZ-SW outside vlan. Then create an inside vlan and put
both (inside and outside) in a trunk port to the IPS.

What I understood from your mail above is:

   1. If I want to go with an inline VLAN pair, then the inside and outside
   interface will be the same.
   2. I have to connect ASA-SW to DMZ-SW.

I have only 1 subnet. Can you explain the traffic flow to me?

Thanks

On Thu, Feb 10, 2011 at 3:31 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:

> Estela,
> if you have to use an inline vlan pair, then inside and outside of the IPS
> are going to be in the same interface.
>
> You say you have two switches, you will have to connect them somehow,
> so both inside and outside can be vlans of the DMZ-switch.
>
> Do you have the same vlans in both switches already ? If not,
> the link can be an access link joining the ASA-SW DMZ vlan to
> a DMZ-SW outside vlan. Then create an inside vlan and put
> both (inside and outside) in a trunk port to the IPS.
>
> -Carlos
>
> estela Mathew @ 10/02/2011 03:52 -0300 dixit:
>
>> Hello,
>>
>> Topology:
>>
>> ASA------>ASA-SW------->IPS-------->DMZ-SW-------->Servers
>>
>> I have a DMZ on my ASA and I have kept the IPS in between the ASA and the
>> servers. I have an IPS 4240 and I want to configure an inline VLAN pair.
>> How can I do it?
>>
>> IPS gig0/0 is connected to DMZ-SWITCH and IPS gig0/1 is connected to
>> ASA-SWITCH. What will be the VLAN pair? I have only 1 subnet in the DMZ,
>> 192.168.10.0/27.
>>
>> Please don't suggest an IPS inline interface pair, because I know it can
>> work easily. The customer is insisting that I do inline VLAN pairing.
>>
>> I have seen the configuration example from Cisco but I still have
>> doubts. Suppose I create a VLAN pair between vlan 1 and vlan 2 on gig0/0,
>> then what pairing will be on gig0/1, which is connected to ASA-SW? I have
>> only 1 subnet in the DMZ.
>>
>> Please help
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina

Received on Thu Feb 10 2011 - 17:21:47 ART
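
The traffic flow asked about in this thread, as an added Python sketch that is not part of the original messages: it models unicast forwarding on DMZ-SW with the inline VLAN pair described in the reply, and shows that a server port left in the outside VLAN is reached without passing through the sensor. The VLAN IDs (10 and 20) and the port names are assumptions made for the example.

```python
# Added illustration: VLAN IDs and port names are constructed, not from the thread.
OUTSIDE, INSIDE = 10, 20   # assumed VLAN IDs; both carry the single DMZ subnet
PAIR = (OUTSIDE, INSIDE)   # inline VLAN pair on the one IPS interface
TRUNK = {OUTSIDE, INSIDE}  # VLANs allowed on the DMZ-SW trunk port to the IPS

def ips_bridge(vlan, pair=PAIR):
    """Inline VLAN pair: a frame arriving tagged with one VLAN of the pair is
    inspected and sent back out the same interface tagged with the other."""
    a, b = pair
    return b if vlan == a else a if vlan == b else None

def trace(src, dst, access_vlans, trunk_allowed=TRUNK, pair=PAIR):
    """Return (hops, inspected) for a unicast frame between two access ports.
    access_vlans maps a DMZ-SW port name to its access VLAN."""
    v_src, v_dst = access_vlans[src], access_vlans[dst]
    hops = [f"{src} (access vlan {v_src})"]
    if v_src == v_dst:
        # Same VLAN: the switch forwards directly and the sensor is bypassed.
        return hops + [f"{dst} (access vlan {v_dst})"], False
    # Different VLANs, same subnet: the only L2 path is through the sensor.
    out = ips_bridge(v_src, pair) if v_src in trunk_allowed else None
    if out != v_dst or out not in trunk_allowed:
        return hops + ["dropped: no L2 path"], False
    hops += [f"IPS trunk in, tag {v_src}",
             f"IPS trunk out, tag {out}",
             f"{dst} (access vlan {v_dst})"]
    return hops, True

# Constructed DMZ-SW port table. "to-ASA-SW" is the access link to the ASA
# switch; server2 is deliberately left in the outside VLAN.
PORTS = {"to-ASA-SW": OUTSIDE, "server1": INSIDE, "server2": OUTSIDE}

if __name__ == "__main__":
    for dst in ("server1", "server2"):
        hops, inspected = trace("to-ASA-SW", dst, PORTS)
        print(" -> ".join(hops), "| inspected:", inspected)
```

Only the uplink toward the ASA and the IPS trunk should be members of the outside VLAN; every server port belongs in the inside VLAN.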

This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:50 ART