Hi Cristian
Thanks for your reply my idea was to deploy them as L2 in-line pairs with
ether-channels either side of a stacked 3750X access layer and 6509E VSS core
layer
I would prefer not to have an extra L3 hop I'm sure there are way to
manipulate L2 STP costs for this to work but I'm trying to find the docs for
active/active or active/standby configuration on the 4500 series as Cisco's
product page suggests these designs are supported
--
BR
Tony
> On 8 Jun 2014, at 11:38, Cristian Matei <cmatei_at_ine.com> wrote:
>
> Hi,
>
> To make that work, you would need a sort of clustering or HA where basically
the session state would be shared among multiple IPS devices. This is not
supported by Cisco IPS and i highly doubt any IPS vendor supports such
scenario, as the challenge is not only about session state, but also
fragmented packets and packet inspection.
>
> Why canb�t you just fix the asymmetric routing?
>
> Regards,
> Cristian Matei, 2 x CCIE #23684 (R&S/SC)
> cmatei_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
>
>
>> On 08 Jun 2014, at 13:24, Tony Singh <mothafungla_at_gmail.com> wrote:
>>
>> Hi
>>
>> Is their a Cisco IPS solution with HA being able to deal with stateful
asymmetric traffic flows I.e the 4500 series
>>
>> I don't want to disable TCP engines to allow for this behaviour..
>>
>> --
>> BR
>>
>> Tony
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sun Jun 08 2014 - 11:49:00 ART