I am having a problem understanding how a packet is going to know that it needs to get evaluated by the IDSM if it is being sent to a host on a different vlan. First lets say that the server is on a vlan that is being pair and the server host is configured with the GW address of the paired vlan. So if a different host on a different vlan sent a packet to that server how does the MSFC know to sent the packet to the paried vlan to get routed to the servers vlan instead of routing it directly to the servers vlan that is attached to it(msfc). FYI. I followed the admin guides to set this up and it does not cover design or operation packet flows.
Cisco CatOS on the Cisco Catalyst 6500 Series with optional Cisco IOS Software on the Multilayer Switching Feature Card (MSFC) provides Layer 2/3/4 functionality for the Cisco Catalyst 6500 by integrating two operating systems. A switch running CatOS only on the Supervisor Engine is a Layer 2 forwarding device with Layer 2/3/4 functionality for QoS, security, multicast, and network management of the Policy Feature Card (PFC), but does not have any routing capabilities. Layer 3 routing functionality is provided via a Cisco IOS Software image on the MSFC routing engine (optional in Supervisor 1A and 2, and integrated within Supervisor 32 and 720.) In this paper, the combination of CatOS on the Supervisor Engine and Cisco IOS Software on the MSFC is referred to as the "hybrid" OS; two operating systems work together to provide complete Layer 2/3/4 system functionality.
I did mange to figure it out, I just had to sit in a boring meeting and then it me. Create an addtional vlan on the msfc and delete the old vlan interface where the clients are. Give the new vlan int the address of the original client vlan int. Make the new vlan on the CATOS and leave the client vlan on the switch (catos), making it a non routed vlan and then let the IDSM bridge the two following admin guide and poof inspection can be done.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :