So here is the situation... We have a client who has a Symantec Gateway Security 5000 appliance which is used as the edge router, firewall, and VPN aggregation device. The topology is as follows...
Internet -----> ATT Cisco 2600 -----> Symantec 5000 appliance -----> Cisco 3560 (L2 config)
Currently this client has no visibility of traffic and what's going on throughout the network. What we'd like to do is set up a spare 1841 router between the Symantec firewall and the first 3560, enable NetFlow and NBAR, then export that data to a NetFlow collector/appliance. The reason it needs to go here is we'd like to see all VPN traffic after it's processed through the Symantec. The catch with all this is, currently the Symantec box acts as a headend VPN endpoint with about 30 sites connecting; it also routes the local office internal 172.16.1.x network. So we really can't change the addressing on it and move that network to the 1841. Is there a way we can put the 1841 inline to capture traffic flowing through it? I was looking at a bridge (IRB) configuration, but because traffic isn't routed through the FE interfaces on the router I'm not sure it'll work. Also I can't seem to figure out how to set up a management interface within a bridge configuration to manage the router. Another solution I was looking at was setting up two small /30 networks on the 1841 to connect to both the Symantec firewall and the first 3560 (after enabling routing), but the network behind the 3560 needs to remain 172.16.1.x. I'm not sure I can do that with this routed configuration. In the end this is the topo we're hoping for, see attached.
If we can't get this 1841 to work and do NetFlow, we'll probably end up just doing a SPAN port on the first 3560 and sending that traffic to an ntop-like appliance. Needless to say we'd really rather do the 1841/NetFlow setup.
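Added example (editor's illustration, not configuration from the original poster or from any reply): the two pieces the post asks about, written out as IOS CLI. The first fragment puts the 1841 inline as a transparent bridge (IRB) with a BVI so the router still has a management address inside the existing 172.16.1.0/24 segment without readdressing anything on the Symantec; the second is the 3560 SPAN fallback from the post. Interface names, the 172.16.1.250 management address, the 172.16.1.1 default gateway, the 172.16.1.50:2055 collector and the 3560 port numbers are all assumptions for the example. Whether the 1841 will generate flow records for frames it only bridges (rather than routes) is exactly the open question in the post and is not settled by this fragment; the SPAN configuration is the known-good way to get the same traffic to a collector.

```cisco-ios
! ---- 1841: transparent bridge between the Symantec inside port and the 3560 ----
! Assumed: Fa0/0 faces the Symantec, Fa0/1 faces the 3560, LAN is 172.16.1.0/24.
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
!
interface FastEthernet0/0
 description To Symantec SGS 5000 inside (assumed)
 no ip address
 bridge-group 1
 ! NetFlow accounting in both directions; NBAR discovery for per-protocol counters
 ip flow ingress
 ip flow egress
 ip nbar protocol-discovery
 no shutdown
!
interface FastEthernet0/1
 description To Catalyst 3560 uplink (assumed)
 no ip address
 bridge-group 1
 ip flow ingress
 ip flow egress
 no shutdown
!
! BVI1 is the routed interface for the bridge group: this is where the
! management IP lives, so the router is reachable from the LAN and can
! source NetFlow exports without a separate /30 or readdressing.
interface BVI1
 description Management address inside the bridged 172.16.1.x segment
 ip address 172.16.1.250 255.255.255.0
!
! Default route via the Symantec inside address (assumed 172.16.1.1)
ip route 0.0.0.0 0.0.0.0 172.16.1.1
!
! Export flows from the BVI address to the collector (assumed 172.16.1.50, UDP 2055)
ip flow-export version 9
ip flow-export source BVI1
ip flow-export destination 172.16.1.50 2055
!
! Useful checks after the change:
!   show bridge 1 verbose        - both Fa ports forwarding in bridge group 1
!   show ip cache flow           - flow records are actually being created
!   show ip nbar protocol-discovery stats bit-rate top-n 10
!   show ip flow export          - datagrams leaving toward the collector

! ---- 3560 fallback: SPAN the port that connects to the Symantec ----
! Assumed: Fa0/1 is the uplink from the Symantec, Fa0/24 goes to the ntop box.
monitor session 1 source interface FastEthernet0/1 both
monitor session 1 destination interface FastEthernet0/24
! Verify with: show monitor session 1
```

Note that the SPAN destination port on the 3560 stops forwarding normal traffic and, by default, does not accept ingress frames, so the ntop appliance should be reached for management over a different port or over a second NIC.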