Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ids and alternate routes

I am yet to play with Cisco Secure IDS, but need a couple of answers if anyone is willing ;-)

How does a probe find alternate routes to the director??

Is it based on normal routing via a gateway?

If contact is lost to the director does the probe continue to log to a local store?

reload in 25 years
Cisco Employee

Re: ids and alternate routes

I'm not sure I understand the first question...normal communications are established using "normal routing" via a default gateway from the sensor. The sensor(probe) can be configured to report to multiple directors if you want redundancy, but it still has one network connection. [the sensor has one network interface for the monitored network and one network interface for command & control. Our standard recommendation is to run C&C on a network separate from the monitored network eg. out of band]

As for the lost contact question, the answer is yes. Alarms will be logged on the local system until contact is re-established, at which time they will be forwarded to the director.

New Member

Re: ids and alternate routes

Excellent response, just exactly what I wanted to know.

Thanx again

reload in 25 years