Cisco IPS 7.1 Installation Guide Page 32

Cisco Intrusion Prevention System Appliance Hardware Installation Guide for IPS 7.1
OL-24002-01
Chapter 1 Introducing the Sensor
How the Sensor Functions
Note: The SPAN/Monitor configuration is valuable when you want to assign different IPS policies per VLAN
or when you have more bandwidth to monitor than one interface can handle.
For More Information
For more information on promiscuous mode, see Promiscuous Mode, page 1-14.
Inline Interface Pair Mode
Operating in inline interface pair mode puts the IPS directly into the traffic flow and slows
packet-forwarding rates by adding latency. Because the sensor sits in the traffic path, it can stop attacks by
dropping malicious traffic before it reaches the intended target, thus providing a protective service. The
inline device not only processes information on Layers 3 and 4, but also analyzes the contents
and payload of the packets for more sophisticated embedded attacks (Layers 3 to 7). This deeper analysis
lets the system identify and stop or block attacks that would normally pass through a traditional
firewall device.
In inline interface pair mode, a packet comes in through the first interface of the pair on the sensor and
out the second interface of the pair. The packet is sent to the second interface of the pair unless that
packet is being denied or modified by a signature.
Note: You can configure the ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and
ASA 5585-X IPS SSP) to operate inline even though they have only one sensing interface.
Note: If the paired interfaces are connected to the same switch, you should configure them on the switch as
access ports with different access VLANs for the two ports. Otherwise, traffic does not flow through the
inline interface.
Figure 1-3 illustrates inline interface pair mode:
Figure 1-3 Inline Interface Pair Mode
Inline VLAN Pair Mode
Note: The ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 5585-X IPS SSP) do not
support inline VLAN pairs.
[Figure 1-3 diagram labels: Host, Switch, Sensor, Router, VLAN A; traffic passes through the interface pair]