Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
287
Views
0
Helpful
1
Replies

ids

Ibrahim Jamil
Level 6
Level 6

‎08-07-2012 07:42 AM - edited ‎03-11-2019 04:39 PM

Hi Experts

when y configure ur IPS as IDS , does the 1 sensing interface must be configured with same VLAN as the monitored Port

consider my public interface on my asa connected to switch1 int gig1/1(vlan 5) and the sensing interface connected to switch1 gig1/2

so the coniguration for IDS Mode on the Swich would be:

monitor seession 1 source inter gig1/1 both

monitor session 2 destination int gig1/2   <<<where the sensing interface of IPSis connected?

pls Advice

Labels:
0 Helpful
1 Reply 1

Ramraj Sivagnanam Sivajanam
Level 4
Level 4

‎08-16-2012 09:31 AM

Hi Bro

Yes, these lines are fine;

monitor seession 1 source inter gig1/1 both

monitor session 2 destination int gig1/2  

You don’t need to configure the interface g1/2 to be in the same VLAN as g1/1, but if you wanna still do it, that’s fine too. I would do it, if I were you.

I believe the reason you’re asking this question is because you don’t see any traffic in your Cisco IPS appliance (running in IDS/promiscuous mode). Just ensure, that the port in the Cisco IPS appliance that’s connected to g1/2 is assigned a Virtual Sensor. This Virtual Sensor should be tagged with a signature definition, an event action rule and anomaly detection.

P/S: if you think this comment is useful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card