I need some input and ideas how to best set up my IDSM2 module.
Today I have the module set up to capture traffic from the 6513 using SPAN in both directions and two different firewalled VLANs as sources. The destination is data-port 1 on the IDSM. This setup is working fine but I'm curious as how to best use the second data-port. Our 6513 runs IOS 12.2(18)SXF3 and has a limit of only one SPAN session set up to capture an entire VLAN in both directions.
My idea was to use the second data-port as SPAN destination for our external/non-firewalled VLAN, but this isn't allowed.
Does anyone have or had a similar problem? Would using a VLAN access list with data-port 2 as destination be an option or are the dual IDSM interfaces mainly used for inline mode?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...