Solved

4215 placement and configuration

Posted on 2006-07-10
Last Modified: 2010-04-11
I am not very familiar with Cisco’s 4215 IDS.  Currently our network is set up as follows:
Router>outside switch>Pix>Proxy>inside switch>LAN
I need to place this IDS on the network and configure it.  Most of the literature that I have come across states to place the device inline on the DMZ with two monitoring interfaces.  I do not have the extra interfaces to do this.  I only have one command and control (CC) and one monitoring interface.  I’m not sure where the monitoring interface should be connected.  I can add a DMZ switch to the Pix and connect the monitoring interface to the DMZ switch and the CC to the inside switch. Currently my Proxy server is connected directly to the Pix inside interface and I’m not sure if I need to disconnect it and place it elsewhere.  Also, I’m not sure if I can connect the monitoring interface of the IDS directly to the Pix inside interface. I guess this may be more of a design question.  Any help on this would be appreciated.  BTW, I do have 5.0v on the 4215 and I would like it to perform as an IPS if possible without the extra interfaces.
Question by:Jelonet
8 Comments
 
LVL 38

Assisted Solution

by:younghv
younghv earned 50 total points
ID: 17080711
Our nIDS sits on our 'Foundry Switch' - which I think would be your 'outside switch'.
We have had it in place for about 6 years now and it has been functional the entire time.
Hope this helps.
Vic
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 100 total points
ID: 17082215
You're looking for "inline on-a-stick" configuration where you can use vlan interfaces with v5.1

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_release_note09186a0080574954.html
0
 
LVL 32

Accepted Solution

by:rsivanandan
rsivanandan earned 350 total points
ID: 17082800
Placing the IDS into the network:

Router>outside switch>Pix>Proxy>inside switch>LAN
                                      |
                                    CSIDS

This will get/sniff all the traffic that is already filtered and proxied (less traffic).


On-A-Stick configuration needs you to have the OS version at 5.1 (initially it was supposed to come out in 5.0, but it didn't).

If you can get the 5.1 version, then again, place the IDS as above with 2 vlans on the switch. Create an inline pair between those 2 vlans and you are done.

Cheers,
Rajesh

0
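How one sensing interface can still sit inline, as the accepted answer describes: the switch port to the sensor carries both VLANs as an 802.1Q trunk, and the sensor forwards each inspected frame out the same port retagged for the other VLAN of the pair. The Python model below is an added illustration, not Cisco code and not part of the original thread; the VLAN IDs 10 and 20, the byte-pattern stand-in for signature analysis and all function names are assumptions.

```python
import struct

TPID_8021Q = 0x8100
# Constructed inline VLAN pair; the IDs are illustrative, not from the thread.
VLAN_PAIRS = {10: 20, 20: 10}


def build_frame(dst, src, vlan_id, ethertype, payload):
    """Build an 802.1Q-tagged Ethernet frame with priority bits set to 0."""
    tag = struct.pack("!HHH", TPID_8021Q, vlan_id & 0x0FFF, ethertype)
    return dst + src + tag + payload


def parse_vlan(frame):
    """Return the VLAN ID of a tagged frame, or None if untagged or too short."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID_8021Q else None


def inspect(frame, blocked_patterns):
    """Stand-in for signature analysis: True if the payload holds a blocked pattern."""
    return any(p in frame[18:] for p in blocked_patterns)


def bridge(frame, blocked_patterns=()):
    """Model one pass through the sensing interface; returns (action, out_frame)."""
    vlan = parse_vlan(frame)
    if vlan not in VLAN_PAIRS:
        return "drop", None  # untagged or unpaired VLAN: not bridged in this model
    if inspect(frame, blocked_patterns):
        return "drop", None  # inline mode can discard the packet instead of only alerting
    tci = struct.unpack("!H", frame[14:16])[0]
    new_tci = (tci & 0xF000) | VLAN_PAIRS[vlan]  # keep priority bits, swap the VLAN ID
    return "forward", frame[:14] + struct.pack("!H", new_tci) + frame[16:]
```

Because hosts on the two VLANs can only reach each other through this rewrite, every frame between them crosses the sensor, which is what makes the single-interface placement inline.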
 

Author Comment

by:Jelonet
ID: 17082807
Is there somewhere that explains the 'inline on-a-stick' configuration?  The site mentions it but doesn't really explain it.  The only documentation I could find was how to configure it using the inline sensing pair which seems easy to do as far as placement, however, as I mentioned above, I don't have the extra interfaces. The inline sensing pair has one interface connected to the Pix and one interface connected to the DMZ switch.  The CC interface is connected to the inside switch. So, I'm assuming I would just connect the one monitoring interface to the dmz switch and the CC interface to the inside switch? If that is the case, how do I get all traffic to pass through the device if it is on the DMZ? Still confused on this one...sorry.
0

 
LVL 32

Expert Comment

by:rsivanandan
ID: 17083084
0
 

Author Comment

by:Jelonet
ID: 17084927
Sorry for not getting back sooner. I think I understand a little better now.  I have to put this on hold for a few days so I won't keep this open.  If I have other questions when I start I'll be sure to post them here.  Thanks, and I divided the points as fairly as possible.
0
 
LVL 38

Expert Comment

by:younghv
ID: 17085551
Jelonet,
Thank you for the points and good luck with your project.
Vic
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17087858
Cool. thnx for the points and let us know if you need further help...

Cheers,
Rajesh
0
