If my P1 and T1 ports are in full duplex mode and both ports are on the same LAN (VLAN) as my PIX (inside interface) to Internet - why do I need to SPAN one Cisco port to another if all 3 interfaces (P1, T1 & PIX) see all inbound/outbound traffic? If SPAN is mandatory, what interface do I SPAN to the T1 port?
I am migrating networks onto my S160, so I assume I will need to SPAN the P1 port on the IronPort and NOT the inside port of my PIX.
L4TM is capable of stopping phone-home malware traffic using any port or protocol (configurable) that the proxy would not see normally and can thus help protect you from a wide variety of threats that are beyond the scope of a proxy.
I'd recommend spanning the PIX interface (if that sees all outbound traffic) rather than the P1, as P1 might only see HTTP/HTTPS/... traffic that is already scanned by the security features on the proxy.