11-10-2004 02:24 PM - edited 03-09-2019 09:24 AM
Q1) Can an IDS monitoring interface monitor both incoming and outgoing traffic simultaneously (I have just one IDS monitoring interface on the IDS)?
Q2) If I have only one monitoring interface on my IDS, can I monitor traffic that's coming via two different routers? The routers are not physically at the same location. If yes, then how? If no, then what's the best solution?
Thanks
11-11-2004 01:05 AM
Hi zaheer,
Yes.. both incoming & outgoing traffic can be monitored by the IDS...
Monitoring in IDS is just based on what traffic you are going to SPAN at the switch. It just acts like a syslog server, collecting the details it gets from the switch. So, if you have set SPAN on both directions, IDS will monitor and report that.
2) Again... it all depends on how you can span the traffic to the IDS port.. if both the routers are connected to switches, which are on the same domain and trunked to each other, you can do an RSPAN and remotely monitor the other router's port.. in this case, you will get the IDS reports for both the routers.
Hope this helps !!
All the best..
11-11-2004 02:54 AM
Dear Sachinraja,
It was a very helpful reply. I am still not clear on one part: if I have one monitoring interface in the IDS, can this monitoring interface be used to monitor both incoming and outgoing traffic simultaneously at a single physical interface, for example S1, or do I need two different monitoring interfaces (one for incoming traffic at S1 and the other for outgoing traffic at S1)?
11-11-2004 03:05 AM
Zaheer,
IDS generally has only one sniffing interface (by default) which can monitor both incoming and outgoing traffic.. you don't need any more interfaces, unless the service is an isolated one..
consider this example..
router --> switch <-- IDS sniffing interface...
consider.. router - Fa0/1 , IDS Fa 0/2
on the switch you will configure..
monitor session 1 source interface fa0/1 both
monitor session 1 destination interface fa0/2
"both" keyword will forward both the incoming & outgoing traffic to the IDS. IDS will just see these packets and act upon..
so.. you just require one monitoring interface in your scenario..
All the best !!
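The RSPAN option mentioned earlier in the thread, written out as an added example that is not part of any reply here. It assumes Catalyst switches that support RSPAN without a reflector port; VLAN 900, the switch labels, and the Fa0/1 router port on the remote switch are constructed for illustration, while Fa0/2 as the IDS port follows the example above.

```cisco
! === Switch A (hypothetical label): the remote router is on Fa0/1 ===
! Dedicated RSPAN VLAN; it carries only mirrored frames.
vlan 900
 remote-span
!
! Mirror both directions of the router port into the RSPAN VLAN.
monitor session 1 source interface FastEthernet0/1 both
monitor session 1 destination remote vlan 900
!
! The trunk between Switch A and Switch B must allow VLAN 900,
! otherwise the mirrored traffic never reaches the IDS.
!
! === Switch B (hypothetical label): IDS sniffing interface on Fa0/2 ===
vlan 900
 remote-span
!
! Take everything arriving on the RSPAN VLAN and hand it to the IDS port.
monitor session 1 source remote vlan 900
monitor session 1 destination interface FastEthernet0/2
!
! Check on each switch that the session is defined as intended:
!   show monitor session 1
```

If the source line is configured with `rx` or `tx` instead of `both`, the IDS receives only one direction of each conversation, so the direction keyword is worth confirming in the `show monitor session 1` output.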
11-11-2004 05:51 AM
Hey ,
Thanks for the help.. it was awesome. Take care