cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
264
Views
0
Helpful
0
Replies
Highlighted
Beginner

FWSM span with 3rd party IDS

I would like to setup our environment with third party IDS (not IPS).

Configuring SPAN on FWSM ends up with % Monitor Session with FWSM Card doesn't work for egress traffic in Crossbar switching mode.

Catalyst 6500 environment:

Mod Ports Card Type                              Model             

--- ----- -------------------------------------- ------------------

  1    6  Firewall Module                        WS-SVC-FWM-1      

  7    5  Supervisor Engine 720 10GE (Active)    VS-S720-10G       

  8    5  Supervisor Engine 720 10GE (Hot)       VS-S720-10G       

  9   48  CEF720 48 port 1000mb SFP              WS-X6748-SFP      

10   48  CEF720 48 port 1000mb SFP              WS-X6748-SFP      

11    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE     

12    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE     

I took look at http://www.cisco.com/en/US/products/hw/modules/ps2706/products_tech_note09186a0080bfd516.shtml

but end up with problem described here https://supportforums.cisco.com/thread/2129108

Is it possible to capture inbound and outbound traffic passing through FWSM and mirror it somewhere else?

Or what is the recommened approach for integrating Catalyst 6500+FWSM infrastructure with 3rd party IDS/IPS system?

0 REPLIES 0
Content for Community-Ad