Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
271
Views
10
Helpful
4
Replies

Can Ids monitors both incomming and outgoing traffic or both simulatneously

Zaheer_Assariya
Level 1
Level 1

‎11-10-2004 02:24 PM - edited ‎03-09-2019 09:24 AM

Q1 Can IDs monitoring interface monitor both incomming and outgoing traffic simultaneously (i have just one ids monitoring interface on ids)?

Q2) If i have only on monitoring interface on my IDS, can I monitor traffic thats comming via two different routers. The routers are not physically at the same location. If yes then how if no then whats the best solution ?

Thanks

Labels:
0 Helpful
4 Replies 4

sachinraja
Level 9
Level 9

‎11-11-2004 01:05 AM

Hi zaheer,

Yes.. both incoming & outgoing traffic can be monitored by the IDS...

Monitoring in IDS is just based on what traffic you are going to SPAN at the switch. It just acts like a syslog server, collecting the details it gets from the switch. So, if you have set SPAN on both directions, IDS will monitor and report that.

2) Again... it all depends on how you can span the traffic to the IDS port.. if both the routers are connected to switches, which are on the same domain and trunked to each other, you can do a RSPAN and remotely monitor the other router's port.. in this case, you will get the IDS reports for both the routers.

Hope this helps !!

All the best..

Zaheer_Assariya
Level 1
Level 1
In response to sachinraja

‎11-11-2004 02:54 AM

Dear Sachinraja,

It was a very helpfull reply. I am still not clear in one part , if I have one monitoring interface in IDS, can this monitoring interface be used to monitor both incomming and out going traffic simultaneously at a single physical interface for example S1 or i need two differnt monitoring interface (one for incooming traffic at S1 and the other for outgoing traffic at S1).

0 Helpful

sachinraja
Level 9
Level 9
In response to Zaheer_Assariya

‎11-11-2004 03:05 AM

Zaheer,

IDS generally has only one sniffing interface (bu default) which can monitor both incoming and outgoing traffic.. you dont need any more interfaces, unless the service is a isolated one..

consider this example..

router --> switch <-- IDS sniffing interface...

consider.. router - Fa0/1 , IDS Fa 0/2

on the switch you will configure..

monitor session 1 source interface fa0/1 both

monitor session 1 destination interface fa0/2

"both" keyword will forward both the incoming & outgoing traffic to the IDS. IDS will just see these packets and act upon..

so.. you just require one monitoring interface on your scenario..

All the best !!

Zaheer_Assariya
Level 1
Level 1
In response to sachinraja

‎11-11-2004 05:51 AM

Hey ,

Thanks for the help..it was awsome. Takecare

0 Helpful
Customers Also Viewed These Support Documents