Filter Traffic using ISDM-2 Inline Mode and Inline VLAN Pairs

Mar 8th, 2007
Hi Everyone,

I have a new ISDM-2 Module (Version 6.0(1)E1) and I'm thinking of using Inline VLAN Pairs to bridge two VLANs, in my case VLAN 100 and VLAN 101. VLAN 100 is the VLAN used by the MSFC and VLAN 101 is the VLAN used by the outside of my FWSM. In this way, I think I can monitor all the traffic to and from the Internet. My question is: can I choose what traffic I will analyze using this configuration? Maybe with a VACL or another way.

Thanks in advance

Andre Lomonaco

scothrel (Cisco Employee) Fri, 03/09/2007 - 11:23

If I understand your question correctly, I do not think you have the ability to selectively inspect the traffic with only a single pair of VLANs. The IPS module is going to bridge your VLANs together and you would want all traffic to go through that bridge... I don't know what mechanism you'd use to selectively direct traffic through some other bridge/route function.

Within the IPS software you can turn off (disable AND retire) signatures that inspect traffic that you wish to ignore; the IPS will just forward the traffic through, but you don't have a fine level of granularity there.
