https://community.cisco.com/t5/network-security/idsm2-and-fwsm/m-p/831212#M84652 <HTML><HEAD></HEAD><BODY><P>One solution might also be to SPAN monitor the port channel serving the FWSM. In my case it's po 271. If you filter the SPAN session on only vlan 60 you should get the traffic flowing in and out of the FWSM outside interface towards the MSFC.</P><P>I've tried this a few times with a sniffer and it seems to work. Haven't tried it with the IDSM though</P><P></P><P>/Fredrik</P></BODY></HTML> Wed, 20 Feb 2008 09:54:09 GMT hoffa2000 2008-02-20T09:54:09Z https://community.cisco.com/t5/network-security/idsm2-and-fwsm/m-p/831210#M84650 <P>Hi</P><P></P><P>I have question regarding IDSM2 implementation in FWSM environment.</P><P></P><P>VLAN 60 is outside interface on FWSM</P><P>interface Vlan60</P><P> nameif outside</P><P> security-level 0</P><P> ip address 10.10.60.2 255.255.255.0</P><P></P><P>Also, on Cisco 6500, I have VLAN 60</P><P>interface Vlan60</P><P> ip address 10.10.60.1 255.255.255.0</P><P></P><P>Everything is OK, inside interface on FWSM is SVI 66, everything is UP and FWSM is wporking correctly.</P><P></P><P>Now, I want to put IDSM2 to monitor ALL traffic between FWSM outside interface and MSFC(6500). </P><P></P><P>Is it possible? And how?</P><P></P><P>I know that I need to put some additional VLAN to bridge through IDMS2, creating interface vlan pair (subinterface on data ports of IDSM2), but in thaht case, I am losing connection between FWSM and MSFC</P><P></P><P>Please help. Thank You</P><P></P><P></P> Sun, 10 Mar 2019 10:59:25 GMT https://community.cisco.com/t5/network-security/idsm2-and-fwsm/m-p/831210#M84650 binelipetrov 2019-03-10T10:59:25Z https://community.cisco.com/t5/network-security/idsm2-and-fwsm/m-p/831211#M84651 <HTML><HEAD></HEAD><BODY><P>You will need to create a new vlan and then put all traffic between FWSM and MSFC in this vlan. You can also create multiple vlans if required. Then put the vlan for monitoring in the IDSM2. Following link may help you</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/cliIdsm2.html" target="_blank">http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/cliIdsm2.html</A></P></BODY></HTML> Mon, 18 Feb 2008 15:42:10 GMT https://community.cisco.com/t5/network-security/idsm2-and-fwsm/m-p/831211#M84651 amritpatek 2008-02-18T15:42:10Z https://community.cisco.com/t5/network-security/idsm2-and-fwsm/m-p/831212#M84652 <HTML><HEAD></HEAD><BODY><P>One solution might also be to SPAN monitor the port channel serving the FWSM. In my case it's po 271. If you filter the SPAN session on only vlan 60 you should get the traffic flowing in and out of the FWSM outside interface towards the MSFC.</P><P>I've tried this a few times with a sniffer and it seems to work. Haven't tried it with the IDSM though</P><P></P><P>/Fredrik</P></BODY></HTML> Wed, 20 Feb 2008 09:54:09 GMT https://community.cisco.com/t5/network-security/idsm2-and-fwsm/m-p/831212#M84652 hoffa2000 2008-02-20T09:54:09Z https://community.cisco.com/t5/network-security/idsm2-and-fwsm/m-p/831213#M84653 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Hope you have already solved your problem. have you tried changing the inline TCP tracking mode?</P></BODY></HTML> Mon, 02 Jun 2008 08:05:05 GMT https://community.cisco.com/t5/network-security/idsm2-and-fwsm/m-p/831213#M84653 jonix.niebla 2008-06-02T08:05:05Z