IDSM-2 - Promiscuous Mode

rpsrekhi3 · ‎01-22-2007

I would like my IDSM-2 to run in a Promiscuous Mode ( and not INLINE mode)

How can i configure it so that it works on the - " Block Nothing,Monitor Everything" principle.

I need the blade to "Never" block the upstream devices like routers and Firewalls.

By the way,how will the IDSM running in Promiscuous Mode even "know" of upstream routers and other network devices.

Thanks !!!

edwakim · ‎01-23-2007

Hi,

You can find how to configure IDSM-2 to run promiscuous mode here.

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df92.html#wp1030752

From there, you can find IOS vs. CatOS configuration as well as SPAN vs. VACL.

Once that is done, you can find configuration guide here regarding IPS software. I will list both CLI and IDM in case you prefer one over the other...

CLI -

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df7d.html#wp1033699

IDM -

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00804cf4c2.html#wp1031960

In promiscuous mode, unless you configure blocking with blocking device, it will never block anything by default. Even with blocking, you can configure never-block addresses.

CLI -

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df77.html#wp1031471

IDM -

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00804d1374.html#wp1037905

IDSM will not know about which is what (upstream routers and other network devices) unless you specify them in 'never block' or 'blocking devices'

Thank you.

Edward