08-12-2011 08:19 AM - edited 03-10-2019 05:26 AM
Hello,
I have two questions on the IDSM-2:
1- How can I inspect inline the FWSM outside/dmz interfaces?
I followed this doc http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_idsm2.html#wp1068377
I understand that I'm bridging the L2 with the L3 VLANs, but on the FWSM how would that work?
I have 2 L2 vlans:
My FWSM config:
firewall multiple-vlan-interfaces
firewall module 1 vlan-group 10
firewall vlan-group 10 20,50,60,100
!
!
interface Vlan20
 no ip address
 shutdown
!
interface Vlan60
 no ip address
 shutdown
2 - I also want to inspect my vlan 300 L2 with users and my 301 L3 as SVI
intrusion-detection module 6 management-port access-vlan 100
intrusion-detection module 6 data-port 1 trunk allowed-vlan 300,301
This is correct, right?
Thank you !
08-17-2011 05:19 AM
You have to make an inline VLAN pair for each segment you want to monitor in the IDSM and add each of them to the trunk. For better separation of load, you could divide the VLANs over two different interfaces on the IDSM.
Please search the forum; I have posted sample configs multiple times. Let me know if you are not able to find those old posts.
Please rate if helpful.
Regards
Farrukh
08-21-2011 12:48 PM
Create an inline VLAN pair