I would like to drop an IPS inline between our outside interface on our firewall and the inside interface of our router. Because of HA, we have multiple routers and multiple firewalls connected to the same VLAN on an existing switch; however, to force traffic through the IPS I have to somehow isolate each side of the IPS bridge. I have the firewall outside and the IPS first interface connected to VLAN 501, and the IPS second interface and the routers connected to VLAN 502.
Traffic seems to be working fine, but I am seeing "Native VLAN mismatch" on the Cisco switch. Traffic is transiting the IPS, but I assume BPDU traffic is being seen on both interfaces and causing a problem, therefore producing this error.
Does anyone have experience doing what I am attempting? Forcing traffic through a device by assigning different VLANs on different sides of the bridge? I do something similar with an ASA in Layer 2 mode.
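The switch-side configuration this setup implies, as an added example that is not part of the original post. Interface numbers, descriptions and VLAN names are assumptions; the point is that each side of the transparent IPS sits in its own access VLAN, and that the "Native VLAN mismatch" message is generated by CDP (the IPS bridges the switch's own CDP advertisements from the VLAN 501 port onto the VLAN 502 port), so CDP is turned off on the two IPS-facing ports.

```cisco
! Added example; not from the original post. Port numbers and names are assumed.
! VLAN 501: firewall outside + IPS interface A. VLAN 502: IPS interface B + routers.
! The only Layer 2 path between 501 and 502 is through the IPS bridge.
vlan 501
 name FW-OUTSIDE-TO-IPS
vlan 502
 name IPS-TO-ROUTERS
!
! Firewall outside interface (repeat for each HA member)
interface GigabitEthernet1/0/1
 description FW1-outside
 switchport mode access
 switchport access vlan 501
!
! IPS interface A, the VLAN 501 side of the bridge
interface GigabitEthernet1/0/3
 description IPS-intA-VLAN501
 switchport mode access
 switchport access vlan 501
 ! CDP frames from this port are bridged by the IPS and arrive on the VLAN 502
 ! port carrying "native VLAN 501", which is what logs %CDP-4-NATIVE_VLAN_MISMATCH.
 no cdp enable
 ! Do not enable BPDU guard here: any BPDU the IPS bridges across would
 ! err-disable the port and take the whole path down.
!
! IPS interface B, the VLAN 502 side of the bridge
interface GigabitEthernet1/0/4
 description IPS-intB-VLAN502
 switchport mode access
 switchport access vlan 502
 no cdp enable
!
! Router inside interface (repeat for each HA member)
interface GigabitEthernet1/0/5
 description RTR1-inside
 switchport mode access
 switchport access vlan 502
!
! Checks after applying:
!   show cdp neighbors              - the IPS ports should no longer appear
!   show spanning-tree vlan 501     - confirm no port on either VLAN is blocking
!   show spanning-tree vlan 502       because of BPDUs leaking across the bridge
```

If the message persists with CDP off, the remaining candidates are the neighbouring routers' own CDP advertisements, which can be disabled on their inside interfaces the same way.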