Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cisco 6509 and Port Mirroring

Working on setting up a Websense V5000 with our Cisco 6509.  We'd like to monitor all traffic/protocols going out to the Internet so I setup a mirror port from the port on the 6509 that the Inside interface on our ASA 5520 is plugged into and made the export of the mirror to the N-Port for the Websense.  I believe we're seeing traffic as expected, but from everything I've been able to find online it doesn't sound like the Websense will be able to block the traffic due to the 6509 not being able to 'inject' packets?

What are our options?  We have a Fluke TAP device, but I've never used to and I'm not sure if that is able to inject packets either.

Also, we have an older 6509 running version 12.2(17d)SXB9 if it helps.

Thanks.

Everyone's tags (3)
1 REPLY
Community Member

Cisco 6509 and Port Mirroring

Hi Adam,

I am sorry, but i didn't quite get your question. Are you trying to test the if Websense works ? 

When you say  " 6509 not being able to 'inject' packets " .. are you trying to setup a illegitimate traffic  to see if websense blocks it ?

If thats right then you can try this. Hook up a switch/router to 6500 and try telneting to it from the 6500. If it is not authorised as per Websense policy.. then Webesense should be able to tear down the TCP session ( by sednign a TCP RST).

Cheers!

Akshay

1080
Views
0
Helpful
1
Replies
CreatePlease to create content