Cisco 6509 and Port Mirroring

adambaack · ‎01-11-2012

Working on setting up a Websense V5000 with our Cisco 6509. We'd like to monitor all traffic/protocols going out to the Internet so I setup a mirror port from the port on the 6509 that the Inside interface on our ASA 5520 is plugged into and made the export of the mirror to the N-Port for the Websense. I believe we're seeing traffic as expected, but from everything I've been able to find online it doesn't sound like the Websense will be able to block the traffic due to the 6509 not being able to 'inject' packets?

What are our options? We have a Fluke TAP device, but I've never used to and I'm not sure if that is able to inject packets either.

Also, we have an older 6509 running version 12.2(17d)SXB9 if it helps.

Thanks.

Akshay Balaganur · ‎01-16-2012

Hi Adam,

I am sorry, but i didn't quite get your question. Are you trying to test the if Websense works ?

When you say " 6509 not being able to 'inject' packets " .. are you trying to setup a illegitimate traffic to see if websense blocks it ?

If thats right then you can try this. Hook up a switch/router to 6500 and try telneting to it from the 6500. If it is not authorised as per Websense policy.. then Webesense should be able to tear down the TCP session ( by sednign a TCP RST).

Cheers!

Akshay