My preference is for the stand alone IPS to die and become a fully integrated module in your firewall. Similar to the Netscreen IDP, but with the quality of Tipping Point.

Just like anything, there any many ways to do it. oleDB's suggestion is a good one, but if it is stand-alone then I would put it behind the firewall for the simple fact that it would see less traffic and therefore perform better.

You could also put up more than one like on the internal network. I've seen many do this to also watch what is happening on the inside with both the bad guys who compromised a client but also for those pesky insiders who use non-approved apps. Setup an alert system for users running P2P, using excessive bandwidth (mileage will vary) or anything else you can write a signature to detect. I guess this would be more like an EDS - Extrusion Detection System. 

Just some ideas,
Don

Many solid firewalls can be purchased with a IPS module in it which makes tons of sense especially when it can detect SQL injections, buffer overflows, scans, URL parsing, certain Web App attacks, and protocol manipulation.  So to answer your question, there are two places I would place an IPS for basic coverage:  at the firewall (perimeter protection), and at the Distribution/Core switches (scans internal users.

From there, throughput becomes an issue so you'd have to go with a slamming sized IPS in your Data Center because most likely it's going to push 10GE lines.