×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco 6509 and Port Mirroring

Unanswered Question
Jan 11th, 2012
User Badges:

Working on setting up a Websense V5000 with our Cisco 6509.  We'd like to monitor all traffic/protocols going out to the Internet so I setup a mirror port from the port on the 6509 that the Inside interface on our ASA 5520 is plugged into and made the export of the mirror to the N-Port for the Websense.  I believe we're seeing traffic as expected, but from everything I've been able to find online it doesn't sound like the Websense will be able to block the traffic due to the 6509 not being able to 'inject' packets?


What are our options?  We have a Fluke TAP device, but I've never used to and I'm not sure if that is able to inject packets either.


Also, we have an older 6509 running version 12.2(17d)SXB9 if it helps.


Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Akshay Balaganur Mon, 01/16/2012 - 06:21
User Badges:
  • Events Top Contributors,

    2013

Hi Adam,

I am sorry, but i didn't quite get your question. Are you trying to test the if Websense works ? 

When you say  " 6509 not being able to 'inject' packets " .. are you trying to setup a illegitimate traffic  to see if websense blocks it ?


If thats right then you can try this. Hook up a switch/router to 6500 and try telneting to it from the 6500. If it is not authorised as per Websense policy.. then Webesense should be able to tear down the TCP session ( by sednign a TCP RST).


Cheers!

Akshay

Actions

This Discussion