Snort IPS

tdinh6731 — Fri, 15 Mar 2019 15:29:58 GMT

All

I have following configuration:

interface VirtualPortGroup0
  ip address 192.168.200.101 255.255.255.0
Interface VirtualPortGroup1
  description Data interface
  ip address 192.168.0.1 255.255.255.0

virtual-service myips
  vnic gateway VirtualPortGroup0
    guest ip address 192.168.200.100 255.255.255.0
  vnic gateway VirtualPortGroup1
    guest ip address 192.168.0.2 255.255.255.0
  activate

My management Interface ge0/0/0
 R1(conf)# inter ge0/0/0
 R1(conf-inter)#ip vrf forward MGT
 R1(conf-inter)#ip address 192.168.200.14 255.255.255.0

My Nmap PC with Ip address 10.10.10.2/24/GW 10.10.0.1 connect to Interface ge0/0/1 with Ip address of 
10.10.0.1.

I ran nmap scan and using command 
show utd engine standard logging event // show nothing.
I able to ping my log from Router. It seems to me the Interface VirtualPortGroup1 do not forward 
the data from scan machine ( port ge0/0/1) to Snort Engine. I configured Snort for all interfaces.
Snort engines is up and running fine.

Questions:
1) Do you see any issues why SNORT logger would not be logging any of the traffic from my nmap PC?
2) Would we have to put the interface VirtualPortGroup0 to the same VRF of MGT on interface ge0/0/0?

Please help.
Thank you

Re: Snort IPS

balaji.bandi — Fri, 15 Mar 2019 21:01:54 GMT

nmap scan

what command you scan ? what what is the IP address rance you scanned ?

Re: Snort IPS

tdinh6731 — Sun, 17 Mar 2019 22:31:08 GMT

Thank you very, very much for your help.

On Nmap PC, I ran couple cpmmands:

1) nmap -A -T4 10.10.0.1

2) nmap -sT 10.10.0.1

Thank you

topic Re: Snort IPS in Network Security

Snort IPS

Re: Snort IPS

Re: Snort IPS