Solved

4215 placement and configuration

Posted on 2006-07-10
Last Modified: 2010-04-11
I am not very familiar with Cisco’s 4215 IDS.  Currently our network is set up as follows:
Router>outside switch>Pix>Proxy>inside switch>LAN
I need to place this IDS on the network and configure it.  Most of the literature that I have come across states to place the device inline on the DMZ with two monitoring interfaces.  I do not have the extra interfaces to do this.  I only have one command and control (CC) and one monitoring interface.  I’m not sure where the monitoring interface should be connected.  I can add a DMZ switch to the Pix and connect the monitoring interface to the DMZ switch and the CC to the inside switch. Currently my Proxy server is connected directly to the Pix inside interface and I’m not sure if I need to disconnect it and place it elsewhere.  Also, I’m not sure if I can connect the monitoring interface of the IDS directly to the Pix inside interface. I guess this may be more of a design question.  Any help on this would be appreciated.  BTW, I do have 5.0v on the 4215 and I would like it to perform as an IPS if possible without the extra interfaces.
Question by:Jelonet
8 Comments
 
LVL 38

Assisted Solution

by:younghv
younghv earned 50 total points
ID: 17080711
Our nIDS sits on our 'Foundry Switch' - which I think would be your 'outside switch'.
We have had it in place for about 6 years now and it has been functional the entire time.
Hope this helps.
Vic
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 100 total points
ID: 17082215
You're looking for "inline on-a-stick" configuration where you can use vlan interfaces with v5.1

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_release_note09186a0080574954.html
0
 
LVL 32

Accepted Solution

by:rsivanandan
rsivanandan earned 350 total points
ID: 17082800
Placing the IDS into the network:

Router>outside switch>Pix>Proxy>inside switch>LAN
                                      |
                                    CSIDS

This will get/sniff all the traffic that is already filtered and proxied (less traffic).


On-A-Stick configuration needs the OS version to be at 5.1. (Initially it was supposed to come out in 5.0 but it didn't.)

If you can get the 5.1 version, then again, place the IDS as above with 2 VLANs on the switch. Create an inline pair between those 2 VLANs and you are done.

Cheers,
Rajesh

0
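A sketch of the inline VLAN pair ("on-a-stick") setup described in the answer above, added here as an illustration and not taken from any poster's configuration. The VLAN IDs (52, 53), switch port (FastEthernet0/10) and sensing interface name (FastEthernet0/1) are assumptions; the sensor commands follow the IPS 5.1 CLI and should be checked against the release documentation for the installed version.

```text
! --- Inside switch (IOS): the sensor's single monitoring port becomes
! --- an 802.1Q trunk carrying both VLANs of the pair (assumed IDs 52, 53).
interface FastEthernet0/10
 description Trunk to 4215 sensing interface
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 52,53
!
! --- Put the protected hosts' access ports in VLAN 52 and the port
! --- toward the Proxy/Pix in VLAN 53. Both VLANs share one IP subnet;
! --- the only Layer 2 path between them is through the sensor, so all
! --- traffic between the LAN and the Proxy crosses the IPS.
!
! --- Sensor (IPS 5.1 CLI): pair the two VLANs on the one sensing interface.
sensor# configure terminal
sensor(config)# service interface
sensor(config-int)# physical-interfaces FastEthernet0/1
sensor(config-int-phy)# admin-state enabled
sensor(config-int-phy)# subinterface-type inline-vlan-pair
sensor(config-int-phy-inl)# subinterface 1
sensor(config-int-phy-inl-sub)# vlan1 52
sensor(config-int-phy-inl-sub)# vlan2 53
sensor(config-int-phy-inl-sub)# description LAN (52) <-> Proxy/Pix (53)
sensor(config-int-phy-inl-sub)# exit
sensor(config-int-phy-inl)# exit
sensor(config-int-phy)# exit
sensor(config-int)# exit
Apply Changes:?[yes]: yes
!
! --- Assign the subinterface to the virtual sensor so it is inspected.
sensor(config)# service analysis-engine
sensor(config-ana)# virtual-sensor vs0
sensor(config-ana-vir)# physical-interface FastEthernet0/1 subinterface-number 1
sensor(config-ana-vir)# exit
sensor(config-ana)# exit
Apply Changes:?[yes]: yes
```

The command and control interface stays on a normal access port of the inside switch, outside the VLAN pair, so management traffic does not depend on the inline path.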
 

Author Comment

by:Jelonet
ID: 17082807
Is there somewhere that explains the 'inline on-a-stick' configuration?  The site mentions it but doesn't really explain it.  The only documentation I could find was how to configure it using the inline sensing pair which seems easy to do as far as placement, however, as I mentioned above, I don't have the extra interfaces. The inline sensing pair has one interface connected to the Pix and one interface connected to the DMZ switch.  The CC interface is connected to the inside switch. So, I'm assuming I would just connect the one monitoring interface to the DMZ switch and the CC interface to the inside switch? If that is the case, how do I get all traffic to pass through the device if it is on the DMZ? Still confused on this one...sorry.
0

 
LVL 32

Expert Comment

by:rsivanandan
ID: 17083084
0
 

Author Comment

by:Jelonet
ID: 17084927
Sorry for not getting back sooner. I think I understand a little better now.  I have to put this on hold for a few days so I won't keep this open.  If I have other questions when I start I'll be sure to post them here.  Thanks, and I divided the points as fairly as possible.
0
 
LVL 38

Expert Comment

by:younghv
ID: 17085551
Jelonet,
Thank you for the points and good luck with your project.
Vic
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17087858
Cool. Thanks for the points and let us know if you need further help...

Cheers,
Rajesh
0
