01-06-2003 06:19 AM - edited 03-02-2019 03:57 AM
I need to mirror traffic on a 2600 router from all WAN interfaces and one Ethernet interface to another Ethernet interface. Does anyone know if this is possible? The reason is for a third-party IDS device to inspect site-to-site traffic over the WAN links. I had been told that this might be possible with the Firewall feature set... Any ideas??
01-06-2003 06:23 AM
The Firewall feature set does not allow a router to redirect (SPAN/port mirror) traffic in this fashion. This feature set has its own IDS mechanism/inspection process that you can run packets through. Here is a link about this feature.
Many use a switch in the DMZ/outside/inside of their security architecture to allow for such monitoring (SPAN/port mirroring) to an IDS. Cisco switches provide these functions.
Hope this helps,
Don
01-06-2003 06:27 AM
I am aware of this functionality if we were trying to monitor traffic from the router to the LAN. The customer is trying to monitor traffic between serial interfaces on the router, though. Any thoughts?
01-06-2003 06:54 AM
The only monitoring equipment I've used on serial links is a passive RMON probe, but this will only give you flow/application-specific information, not the security information you'd most likely want. The Firewall feature set on this router might give you DoS probe-type traps to an internal NMS from these links, if this is what you're after.
I guess this question would be easier to answer if it were known what your customer specifically wants to monitor and see.
Hope this helps,
Don
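The two options Don describes, written out as an added configuration example that is not part of the original thread: SPAN on a Catalyst switch sitting on the 2600's LAN side, and the IOS Firewall feature set's own `ip audit` IDS signatures applied inbound on the serial interfaces, with alarms sent to a syslog collector. The interface names, the SPAN session number, the audit rule name `WANIDS`, and the collector address 192.0.2.10 are assumed for illustration.

```cisco
! --- Option 1: SPAN on a Catalyst switch (IOS-based 2950/3550 syntax) ---
! Assumed: the 2600's FastEthernet0/0 plugs into switch port Fa0/1,
! the third-party IDS sensor listens on switch port Fa0/24.
! Only traffic that actually crosses the router's Ethernet side is seen here;
! packets routed directly between Serial0/0 and Serial0/1 never reach the
! switch, which is the gap raised in the thread.
monitor session 1 source interface FastEthernet0/1 both
monitor session 1 destination interface FastEthernet0/24
! verify: show monitor session 1

! --- Option 2: IOS Firewall feature set IDS on the 2600 itself ---
! Assumed: syslog collector / NMS at 192.0.2.10 (illustrative address).
logging 192.0.2.10
ip audit notify log
! Informational signatures only alarm; attack signatures alarm, drop and reset.
ip audit name WANIDS info action alarm
ip audit name WANIDS attack action alarm drop reset
! Apply inbound on every WAN link so serial-to-serial transit is inspected.
interface Serial0/0
 ip audit WANIDS in
interface Serial0/1
 ip audit WANIDS in
! verify: show ip audit statistics
```

The `ip audit` rules run the router's built-in signature set against transit packets and report hits via syslog, which covers the serial-to-serial case the switch-side SPAN cannot; the trade-off is that you get the router's signatures and alarms rather than a full packet copy for the external sensor.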