Solved

4215 placement and configuration

Posted on 2006-07-10
8
268 Views
Last Modified: 2010-04-11
I am not very familiar with Cisco’s 4215 IDS.  Currently our network is set up as follows:
Router>outside switch>Pix>Proxy>inside switch>LAN
I need to place this IDS on the network and configure it.  Most of the literature that I have come across sates to place the device inline on the DMZ with two monitoring interfaces.  I do not have the extra interfaces to do this.  I only have one command and control (CC) and one monitoring interface.  I’m not sure where the monitoring interface should be connected.  I can add a DMZ switch to the Pix and connect the monitoring interface to the DMZ switch and the CC to the inside switch. Currently my Proxy server in connected directly to the Pix inside interface and I’m not sure if I need to disconnect it and place it elsewhere.  Also, I’m not sure if I can connect the monitoring interface of the IDS directly to the Pix inside interface. I guess this may be more of a design question.  Any help on this would be appreciated.  BTW, I do have 5.0v on the 4215 and I would like it to perform as an IPS if possible without the extra interfaces.
0
Comment
Question by:Jelonet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 38

Assisted Solution

by:younghv
younghv earned 50 total points
ID: 17080711
Our nIDS sits on our 'Foundry Switch' - which I think would be your 'outside switch'.
We have had it in place for about 6 years now and has been functional the entire time.
Hope this helps.
Vic
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 100 total points
ID: 17082215
You're looking for "inline on-a-stick" configuration where you can use vlan interfaces with v5.1

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_release_note09186a0080574954.html
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 350 total points
ID: 17082800
Placing the IDS into the network;

Router>outside switch>Pix>Proxy>inside switch>LAN
                                                          |
                                                       CSIDS

This will get/sniff all the traffic that is already filtered and proxied (less traffic).


On-A-Stick configuration needs you to have the OS version to be at 5.1 (Initially it was supposed to come out in 5.0 but it didn't)

If you can get the 5.1 version, then again, place the IDS as above with 2 vlans on the switch. Create an inline pair between those 2 vlans and you are done.

Cheers,
Rajesh

0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:Jelonet
ID: 17082807
Is there somewhere that explains the 'inline on-a-stick' configuration?  The site mentions it but doesn't really explain it.  The only documentation I could find was how to configure it using the inline sensing pair which seems easy to do as far as placement, however, as I mentioned above, I dont have the extra interfaces. The inline sensing pair has one interface connected to the Pix and one interface connected to the DMZ switch.  The CC interface is connected to the inside switch. So, I"m assuming I would just connect the one monitoring interface to the dmz switch and the CC interface to the inside switch? If that is the case, how do I get all traffic to pass through the device if it is on the DMZ? Still confussed on this one...sorry.
0
 

Author Comment

by:Jelonet
ID: 17084927
Sorry for not getting back sooner. I think I understand a little better now.  I have to put this on hold for a few days so I won't keep this open.  If I have other questions when I start I'll be sure to post them here.  Thanks, and I divided the points as fairly as possible.
0
 
LVL 38

Expert Comment

by:younghv
ID: 17085551
Jelonet,
Thank you for the points and good luck with your project.
Vic
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17087858
Cool. thnx for the points and let us know if you need further help...

Cheers,
Rajesh
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question