https://community.cisco.com/t5/network-security/cisco-ips-ids-mode-tcp-reset/m-p/1345367#M68576 <HTML><HEAD></HEAD><BODY><P>Is that because, a tcp reset will be sent to vlan 145 against any traffic without a vlan tag.</P></BODY></HTML> Fri, 02 Oct 2009 18:37:10 GMT manuadoor 2009-10-02T18:37:10Z https://community.cisco.com/t5/network-security/cisco-ips-ids-mode-tcp-reset/m-p/1345362#M68570 <P>I would like to issue TCP resets thru promiscuous interface of cisco IPS 4240. As per the current setup (which is explained in the attached drawing) there is only one vlan between firewall and switch and its working fine with following configurations in switch </P><P></P><P>monitor session 1 source interface fastethernet0/5</P><P>monitor session 1 destination interface fastethernet0/14 ingress vlan 145</P><P></P><P>My problem is, if we have multiple vlan in between switch and firewall. How the configuration should be? any extra configuration required in IPS as well?</P><P></P><P></P><P></P><P> </P><P></P> Sun, 10 Mar 2019 11:46:41 GMT https://community.cisco.com/t5/network-security/cisco-ips-ids-mode-tcp-reset/m-p/1345362#M68570 manuadoor 2019-03-10T11:46:41Z https://community.cisco.com/t5/network-security/cisco-ips-ids-mode-tcp-reset/m-p/1345363#M68572 <HTML><HEAD></HEAD><BODY><P>On the switch, instead of using interface as the monitor source, use VLANS and in the monitor destination any one vlan is required. </P><P>The IPS will send the TCP RST packet via that vlan. </P><P></P><P>monitor session 1 source vlan 145,146,147</P><P>monitor session 1 destination interface f0/14 ingress vlan 145</P><P></P><P>There is no change on the IPS. </P><P></P></BODY></HTML> Wed, 30 Sep 2009 14:11:02 GMT https://community.cisco.com/t5/network-security/cisco-ips-ids-mode-tcp-reset/m-p/1345363#M68572 dhananjoy chowdhury 2009-09-30T14:11:02Z https://community.cisco.com/t5/network-security/cisco-ips-ids-mode-tcp-reset/m-p/1345364#M68573 <HTML><HEAD></HEAD><BODY><P>You are limited to only sending TCP resets to one VLAN when you send them out the sniffing interface.</P></BODY></HTML> Wed, 30 Sep 2009 16:03:14 GMT https://community.cisco.com/t5/network-security/cisco-ips-ids-mode-tcp-reset/m-p/1345364#M68573 rhermes 2009-09-30T16:03:14Z https://community.cisco.com/t5/network-security/cisco-ips-ids-mode-tcp-reset/m-p/1345365#M68574 <HTML><HEAD></HEAD><BODY><P>Can I know why we are using vlan 145 after ingress command. </P></BODY></HTML> Thu, 01 Oct 2009 01:23:10 GMT https://community.cisco.com/t5/network-security/cisco-ips-ids-mode-tcp-reset/m-p/1345365#M68574 manuadoor 2009-10-01T01:23:10Z https://community.cisco.com/t5/network-security/cisco-ips-ids-mode-tcp-reset/m-p/1345366#M68575 <HTML><HEAD></HEAD><BODY><P></P><P>vlan 145 is used after ingress command because the IPS will send the TCP RST packet via that vlan.</P><P></P></BODY></HTML> Fri, 02 Oct 2009 17:56:20 GMT https://community.cisco.com/t5/network-security/cisco-ips-ids-mode-tcp-reset/m-p/1345366#M68575 dhananjoy chowdhury 2009-10-02T17:56:20Z https://community.cisco.com/t5/network-security/cisco-ips-ids-mode-tcp-reset/m-p/1345367#M68576 <HTML><HEAD></HEAD><BODY><P>Is that because, a tcp reset will be sent to vlan 145 against any traffic without a vlan tag.</P></BODY></HTML> Fri, 02 Oct 2009 18:37:10 GMT https://community.cisco.com/t5/network-security/cisco-ips-ids-mode-tcp-reset/m-p/1345367#M68576 manuadoor 2009-10-02T18:37:10Z