Solved

4215 placement and configuration

Posted on 2006-07-10
Last Modified: 2010-04-11
I am not very familiar with Cisco’s 4215 IDS.  Currently our network is set up as follows:
Router>outside switch>Pix>Proxy>inside switch>LAN
I need to place this IDS on the network and configure it.  Most of the literature that I have come across states to place the device inline on the DMZ with two monitoring interfaces.  I do not have the extra interfaces to do this.  I only have one command and control (CC) and one monitoring interface.  I’m not sure where the monitoring interface should be connected.  I can add a DMZ switch to the Pix and connect the monitoring interface to the DMZ switch and the CC to the inside switch. Currently my Proxy server is connected directly to the Pix inside interface and I’m not sure if I need to disconnect it and place it elsewhere.  Also, I’m not sure if I can connect the monitoring interface of the IDS directly to the Pix inside interface. I guess this may be more of a design question.  Any help on this would be appreciated.  BTW, I do have 5.0v on the 4215 and I would like it to perform as an IPS if possible without the extra interfaces.
Question by:Jelonet
 
LVL 38

Assisted Solution

by:younghv
younghv earned 50 total points
ID: 17080711
Our nIDS sits on our 'Foundry Switch' - which I think would be your 'outside switch'.
We have had it in place for about 6 years now and it has been functional the entire time.
Hope this helps.
Vic
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 100 total points
ID: 17082215
You're looking for "inline on-a-stick" configuration where you can use vlan interfaces with v5.1

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_release_note09186a0080574954.html
 
LVL 32

Accepted Solution

by:rsivanandan
rsivanandan earned 350 total points
ID: 17082800
Placing the IDS into the network:

Router>outside switch>Pix>Proxy>inside switch>LAN
                                                          |
                                                       CSIDS

This will get/sniff all the traffic that is already filtered and proxied (less traffic).


On-A-Stick configuration needs you to have the OS version to be at 5.1 (Initially it was supposed to come out in 5.0 but it didn't)

If you can get the 5.1 version, then again, place the IDS as above with 2 vlans on the switch. Create an inline pair between those 2 vlans and you are done.

Cheers,
Rajesh
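
How the inline VLAN pair ("on-a-stick") setup described in the answer above forces traffic through a single sensing port, modelled as an added example that is not part of the original thread and is not Cisco code. The VLAN numbers 10 and 20, the inspect callback and the sample frames are assumptions constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def parse_vlan(frame: bytes):
    """Return (vlan_id, priority_bits) for a tagged frame, else None."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci & 0xF000

def retag(frame: bytes, new_vlan: int) -> bytes:
    """Rewrite only the 12-bit VLAN ID; priority bits and payload are kept."""
    tci = struct.unpack_from("!H", frame, 14)[0]
    new_tci = (tci & 0xF000) | (new_vlan & 0x0FFF)
    return frame[:14] + struct.pack("!H", new_tci) + frame[16:]

class InlineVlanPair:
    """One sensing port on a trunk, bridging two VLANs of the same subnet.

    Hosts on each side sit in different VLANs, so the only layer-2 path
    between them is through this object: every frame is inspected first.
    """
    def __init__(self, vlan_a, vlan_b, inspect):
        self.peer = {vlan_a: vlan_b, vlan_b: vlan_a}
        self.inspect = inspect  # hypothetical callable(payload) -> True to allow

    def process(self, frame: bytes):
        """Return the frame to send back out the trunk, or None if dropped."""
        parsed = parse_vlan(frame)
        if parsed is None or parsed[0] not in self.peer:
            return None  # untagged, or a VLAN outside the pair: not bridged
        if not self.inspect(frame[18:]):
            return None  # inline (IPS) verdict: the frame never reaches the peer VLAN
        return retag(frame, self.peer[parsed[0]])

def build_frame(vlan: int, payload: bytes, pcp: int = 0) -> bytes:
    """Constructed sample frame: dst MAC, src MAC, 802.1Q tag, IPv4 EtherType."""
    dst, src = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    tci = (pcp << 13) | vlan
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, 0x0800) + payload

# Assumed numbering: VLAN 10 on the Pix/proxy side, VLAN 20 on the LAN side.
# The "signature" is a toy byte match standing in for real inspection.
pair = InlineVlanPair(10, 20, inspect=lambda payload: b"EVIL" not in payload)
```
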


Author Comment

by:Jelonet
ID: 17082807
Is there somewhere that explains the 'inline on-a-stick' configuration?  The site mentions it but doesn't really explain it.  The only documentation I could find was how to configure it using the inline sensing pair which seems easy to do as far as placement, however, as I mentioned above, I don't have the extra interfaces. The inline sensing pair has one interface connected to the Pix and one interface connected to the DMZ switch.  The CC interface is connected to the inside switch. So, I'm assuming I would just connect the one monitoring interface to the DMZ switch and the CC interface to the inside switch? If that is the case, how do I get all traffic to pass through the device if it is on the DMZ? Still confused on this one...sorry.
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17083084
 

Author Comment

by:Jelonet
ID: 17084927
Sorry for not getting back sooner. I think I understand a little better now.  I have to put this on hold for a few days so I won't keep this open.  If I have other questions when I start I'll be sure to post them here.  Thanks, and I divided the points as fairly as possible.
 
LVL 38

Expert Comment

by:younghv
ID: 17085551
Jelonet,
Thank you for the points and good luck with your project.
Vic
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17087858
Cool. thnx for the points and let us know if you need further help...

Cheers,
Rajesh