Yeah that'd be great if you could.

Many Thanks in advance

Dom

These are two IDSM-2s connected to slot four and give of the same chassis. We are running FWSM >> MSFC OUTSIDE setup. All InterVLAN traffic is evaluated first by the IDSM than by the FWSM. Users default gateway is the FWSM.

Here you go:

intrusion-detection module 4 management-port access-vlan 100

intrusion-detection module 5 management-port access-vlan 100

intrusion-detection module 4 data-port 1 channel-group 5

intrusion-detection module 4 data-port 2 channel-group 6

intrusion-detection module 5 data-port 1 channel-group 5

intrusion-detection module 5 data-port 2 channel-group 6

intrusion-detection port-channel 5 trunk allowed-vlan 200-204,208

intrusion-detection port-channel 5 trunk allowed-vlan 708

intrusion-detection port-channel 5 autostate include

intrusion-detection port-channel 5 portfast enable

intrusion-detection port-channel 6 trunk allowed-vlan 260,280,400,401

intrusion-detection port-channel 6 trunk allowed-vlan 111-114

intrusion-detection port-channel 6 autostate include

intrusion-detection port-channel 6 portfast enable

Regards

Farrukh

Thanks for your response Farrukh, I don't think I was clear enough in my original post. I meant chassis to chassis redundancy.

My client insists on putting the IDSMs on the outside of the firewall, in front of a pair of FWSMs (in seperate chassis).

Maybe there isn't a need for a HA relationship between the IDSMs as the active FWSM will ensure that the traffic flows through one of the IDSMs and no the other?

Cheers, Dom

Many thanks Farrukh, That's very useful :)