[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

4215 placement and configuration

Posted on 2006-07-10
8
Medium Priority
?
270 Views
Last Modified: 2010-04-11
I am not very familiar with Cisco’s 4215 IDS.  Currently our network is set up as follows:
Router>outside switch>Pix>Proxy>inside switch>LAN
I need to place this IDS on the network and configure it.  Most of the literature that I have come across sates to place the device inline on the DMZ with two monitoring interfaces.  I do not have the extra interfaces to do this.  I only have one command and control (CC) and one monitoring interface.  I’m not sure where the monitoring interface should be connected.  I can add a DMZ switch to the Pix and connect the monitoring interface to the DMZ switch and the CC to the inside switch. Currently my Proxy server in connected directly to the Pix inside interface and I’m not sure if I need to disconnect it and place it elsewhere.  Also, I’m not sure if I can connect the monitoring interface of the IDS directly to the Pix inside interface. I guess this may be more of a design question.  Any help on this would be appreciated.  BTW, I do have 5.0v on the 4215 and I would like it to perform as an IPS if possible without the extra interfaces.
0
Comment
Question by:Jelonet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 38

Assisted Solution

by:younghv
younghv earned 200 total points
ID: 17080711
Our nIDS sits on our 'Foundry Switch' - which I think would be your 'outside switch'.
We have had it in place for about 6 years now and has been functional the entire time.
Hope this helps.
Vic
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 400 total points
ID: 17082215
You're looking for "inline on-a-stick" configuration where you can use vlan interfaces with v5.1

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_release_note09186a0080574954.html
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 1400 total points
ID: 17082800
Placing the IDS into the network;

Router>outside switch>Pix>Proxy>inside switch>LAN
                                                          |
                                                       CSIDS

This will get/sniff all the traffic that is already filtered and proxied (less traffic).


On-A-Stick configuration needs you to have the OS version to be at 5.1 (Initially it was supposed to come out in 5.0 but it didn't)

If you can get the 5.1 version, then again, place the IDS as above with 2 vlans on the switch. Create an inline pair between those 2 vlans and you are done.

Cheers,
Rajesh

0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 

Author Comment

by:Jelonet
ID: 17082807
Is there somewhere that explains the 'inline on-a-stick' configuration?  The site mentions it but doesn't really explain it.  The only documentation I could find was how to configure it using the inline sensing pair which seems easy to do as far as placement, however, as I mentioned above, I dont have the extra interfaces. The inline sensing pair has one interface connected to the Pix and one interface connected to the DMZ switch.  The CC interface is connected to the inside switch. So, I"m assuming I would just connect the one monitoring interface to the dmz switch and the CC interface to the inside switch? If that is the case, how do I get all traffic to pass through the device if it is on the DMZ? Still confussed on this one...sorry.
0
 

Author Comment

by:Jelonet
ID: 17084927
Sorry for not getting back sooner. I think I understand a little better now.  I have to put this on hold for a few days so I won't keep this open.  If I have other questions when I start I'll be sure to post them here.  Thanks, and I divided the points as fairly as possible.
0
 
LVL 38

Expert Comment

by:younghv
ID: 17085551
Jelonet,
Thank you for the points and good luck with your project.
Vic
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17087858
Cool. thnx for the points and let us know if you need further help...

Cheers,
Rajesh
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question