i need some help in configuring the idsm2. I have configured the 6509 switch to capture network traffic using SPAN. i have mentioned vlan as source, for the source SPAN traffic. but after specifying the capture destination on the 6509 (a physical port on the 6509), i am confused about how to send this traffic from the captured port for analysis to virtual sensing port on the IDSM.Basically i am not able to map the phyical destination port on the switch to the virtual sensing ports.
The switch details are as follows.i have a 6509 switch with 7 modules.
module 1 and module 2 are GBIC
module 3 - IDSM
module 4 - FWSM
module 5 and module 6 - SUP 720 (actvie and hot )
MODULE 7 - 10/100/1000 rj-45
the network topology is as follows.
WAN BRANCHES-->>CORE ROUTER-->>Router with VAC-->>pix 535-->>msfc IDSM AND fwsm (6509)--->>>noc(data centre)
In the above diagram the traffic flows from the wan towards the data centre and vice versa .The FWSM is configured with the numerous VLANS required for the data centre. Thus all the traffic flow between the various vlans is either denied/permitted on the FWSM.
the traffic flow from the wan branches to the data centre first hits the PIX firewall and then hits the FWSM.Likewise traffic from the data centre to the wan branches first hits the FWSM and then the PIX firewall.
please help me with this problem at the earliest. Thanx in advance.
From what I understand, if the SPAN destination port is a physical port, then the SPANed traffic exits the physical port. For example, if you have connected a sniffer to observe the traffic. I am not sure how this traffic can be diverted to virtual sensor. May be you can try using RSPAN technique.
Hi ... the IDSM2 has two internal ports .. these ports are the ones that will inspect the traffic so you need to specify any of this as the SPAN destination port .. by default are port 7 and 8 on the respective module whihc in your case is 3.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...