Hi,
To make that work, you would need a sort of clustering or HA where basically
the session state would be shared among multiple IPS devices. This is not
supported by Cisco IPS and i highly doubt any IPS vendor supports such
scenario, as the challenge is not only about session state, but also
fragmented packets and packet inspection.
Why can�t you just fix the asymmetric routing?
Regards,
Cristian Matei, 2 x CCIE #23684 (R&S/SC)
cmatei_at_INE.com<mailto:cmatei_at_INE.com>
Internetwork Expert, Inc.
http://www.INE.com<http://www.ine.com/>
On 08 Jun 2014, at 13:24, Tony Singh
<mothafungla_at_gmail.com<mailto:mothafungla_at_gmail.com>> wrote:
Hi
Is their a Cisco IPS solution with HA being able to deal with stateful
asymmetric traffic flows I.e the 4500 series
I don't want to disable TCP engines to allow for this behaviour..
--
BR
Tony
Blogs and organic groups at http://www.ccie.net
Received on Sun Jun 08 2014 - 05:38:10 ART