Snort IPS

tdinh6731 · ‎03-15-2019

All

I have following configuration:

interface VirtualPortGroup0
  ip address 192.168.200.101 255.255.255.0
Interface VirtualPortGroup1
  description Data interface
  ip address 192.168.0.1 255.255.255.0

virtual-service myips
  vnic gateway VirtualPortGroup0
    guest ip address 192.168.200.100 255.255.255.0
  vnic gateway VirtualPortGroup1
    guest ip address 192.168.0.2 255.255.255.0
  activate

My management Interface ge0/0/0
 R1(conf)# inter ge0/0/0
 R1(conf-inter)#ip vrf forward MGT
 R1(conf-inter)#ip address 192.168.200.14 255.255.255.0

My Nmap PC with Ip address 10.10.10.2/24/GW 10.10.0.1 connect to Interface ge0/0/1 with Ip address of 
10.10.0.1.

I ran nmap scan and using command 
show utd engine standard logging event // show nothing.
I able to ping my log from Router. It seems to me the Interface VirtualPortGroup1 do not forward 
the data from scan machine ( port ge0/0/1) to Snort Engine. I configured Snort for all interfaces.
Snort engines is up and running fine.

Questions:
1) Do you see any issues why SNORT logger would not be logging any of the traffic from my nmap PC?
2) Would we have to put the interface VirtualPortGroup0 to the same VRF of MGT on interface ge0/0/0?

Please help.
Thank you