https://community.cisco.com/t5/network-security/using-idsm-with-fwsm-in-multiple-context/m-p/1172358#M77854 <HTML><HEAD></HEAD><BODY><P>Yes you can.</P><P></P><P>In promiscous mode you tap the required traffic (All fwsm context Vlans) at Switch and copy that traffic to IDSM.</P><P></P><P>Syed</P></BODY></HTML> Mon, 26 Jan 2009 20:27:53 GMT Syed Iftekhar Ahmed 2009-01-26T20:27:53Z https://community.cisco.com/t5/network-security/using-idsm-with-fwsm-in-multiple-context/m-p/1172357#M77853 <P></P><P>Hi, </P><P></P><P>I would like to know whether it is possible to use IDSM across two distinct contexts in FWSM. </P> Sun, 10 Mar 2019 11:28:40 GMT https://community.cisco.com/t5/network-security/using-idsm-with-fwsm-in-multiple-context/m-p/1172357#M77853 cisco_lite 2019-03-10T11:28:40Z https://community.cisco.com/t5/network-security/using-idsm-with-fwsm-in-multiple-context/m-p/1172358#M77854 <HTML><HEAD></HEAD><BODY><P>Yes you can.</P><P></P><P>In promiscous mode you tap the required traffic (All fwsm context Vlans) at Switch and copy that traffic to IDSM.</P><P></P><P>Syed</P></BODY></HTML> Mon, 26 Jan 2009 20:27:53 GMT https://community.cisco.com/t5/network-security/using-idsm-with-fwsm-in-multiple-context/m-p/1172358#M77854 Syed Iftekhar Ahmed 2009-01-26T20:27:53Z https://community.cisco.com/t5/network-security/using-idsm-with-fwsm-in-multiple-context/m-p/1172359#M77855 <HTML><HEAD></HEAD><BODY><P></P><P>Thanks Syed. </P><P></P><P>If I were to use inline mode, when there are distinct active contexts across two FWSMs; will it be possible. </P></BODY></HTML> Mon, 26 Jan 2009 20:40:36 GMT https://community.cisco.com/t5/network-security/using-idsm-with-fwsm-in-multiple-context/m-p/1172359#M77855 cisco_lite 2009-01-26T20:40:36Z https://community.cisco.com/t5/network-security/using-idsm-with-fwsm-in-multiple-context/m-p/1172360#M77856 <HTML><HEAD></HEAD><BODY><P>Yes you can.</P><P></P><P>You can configure IDSM-2 in inline VLAN pair mode. IDSM-2 performs VLAN bridging between pairs of VLANs within the same data port operating as an 802.1q trunk.</P><P></P><P>IDSM-2 has two data ports (sensing ports).</P><P></P><P>You can configure IDSM-2 to simultaneously bridge up to 255 VLAN pairs on each data port.</P><P></P><P>So with two sensing ports you can have 2 x 255 </P><P>inline vlan pairs.</P><P></P><P>(Obviously its not recommended to have so many vlan pairs. Remember that IDSM throughput is hardly 500Mbps and it can easily become a bottleneck in front of FWSM which has much higher throughput)</P><P></P><P>HTH</P><P>Syed</P></BODY></HTML> Mon, 26 Jan 2009 22:35:54 GMT https://community.cisco.com/t5/network-security/using-idsm-with-fwsm-in-multiple-context/m-p/1172360#M77856 Syed Iftekhar Ahmed 2009-01-26T22:35:54Z https://community.cisco.com/t5/network-security/using-idsm-with-fwsm-in-multiple-context/m-p/1172361#M77857 <HTML><HEAD></HEAD><BODY><P>Thanks. </P><P></P><P>Once more for clarity. </P><P></P><P>Lets say contextA is active on FWSM1 placed in Cat6500(1) and contextB is active on FWSM2 placed in Cat6500(2). IDSM(1) is installed on Cat6500(1) and IDSM(2) is installed on Cat6500(2). </P><P></P><P>Can both the active contexts on different FWSM be inspected by the IDSM simultaneously. Which IDSM shall inspect which FWSM. Is it 1 to 1 and 2 to 2.</P></BODY></HTML> Mon, 26 Jan 2009 23:26:31 GMT https://community.cisco.com/t5/network-security/using-idsm-with-fwsm-in-multiple-context/m-p/1172361#M77857 cisco_lite 2009-01-26T23:26:31Z https://community.cisco.com/t5/network-security/using-idsm-with-fwsm-in-multiple-context/m-p/1172362#M77858 <HTML><HEAD></HEAD><BODY><P>Unlike FWSM/ACE where you could have one FWSM active &amp; other standby, In IDSM there are no such states.</P><P></P><P>You will have to extend all FWSM &amp; IDSM vlans over trunk between two switches and then configure STP (Spanning tree protocol)such taht it will make one path in forwarding mode and other in Blocking mode.</P><P></P><P>For example if context1 is active in SW1 &amp; standby in SW2. Then STP will ensure that link b/w Active context1 (of SW1) &amp; IDSM(of SW1) is in forwarding state &amp; link between b/w stdby context1 (of SW2) &amp; IDSM(of SW2) is in blocking state.</P><P></P><P>Syed</P><P></P><P></P></BODY></HTML> Tue, 27 Jan 2009 01:04:51 GMT https://community.cisco.com/t5/network-security/using-idsm-with-fwsm-in-multiple-context/m-p/1172362#M77858 Syed Iftekhar Ahmed 2009-01-27T01:04:51Z https://community.cisco.com/t5/network-security/using-idsm-with-fwsm-in-multiple-context/m-p/1172363#M77859 <HTML><HEAD></HEAD><BODY><P></P><P>Would you be able to provide a short example of extending FWSM/IDSM vlans over the trunk and configuring STP where different active contexts reside on both the FWSMs.</P><P></P><P></P></BODY></HTML> Tue, 27 Jan 2009 16:03:57 GMT https://community.cisco.com/t5/network-security/using-idsm-with-fwsm-in-multiple-context/m-p/1172363#M77859 cisco_lite 2009-01-27T16:03:57Z