04-27-2009 10:56 AM
If my P1 and T1 ports are in full duplex mode and both ports are on the same LAN (VLAN) as my PIX (inside interface) to the Internet - why do I need to SPAN one Cisco port to another if all 3 interfaces (P1, T1 & PIX) see all inbound/outbound traffic?
If SPAN is mandatory, what interface do I SPAN to the T1 port?
04-27-2009 12:51 PM
Of course - traffic bound for the PIX won't be seen by T1 because its MAC address is different - THAT'S why I need to SPAN - DOH! :roll:
I am migrating networks onto my S160 so I assume I will need to SPAN the P1 port on the Ironport and NOT the inside port of my PIX :oops:
04-27-2009 04:58 PM
Conorgeraghty,
I'm having a difficult time following the details in your posts. I'm not sure why you would ever need to "double span" interfaces.
You will want the bi-directional span to happen where the WSA T1 will see all traffic (with original Client IPs intact - pre-NAT).
You should be able to span the PIX inside interface and not need further spans, unless you have a separate network that you also need to monitor.
Please be aware that TCP RSTs will be sent out the P1 interface, so if you do monitor multiple networks, you will need the appropriate routes in order to reach the second network.
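A check for the routing caveat in the reply above, as an added example that is not part of the original thread: for each monitored client network it finds the most specific route in P1's table that a TCP RST would follow, and lists the networks that have none. The route table, addresses and function names are constructed for illustration and are not read from a real WSA.

```python
import ipaddress

# Constructed sample data (assumption): routes available to the P1 interface,
# as (prefix, next hop). There is deliberately no default route.
P1_ROUTES = [
    ("10.1.1.0/24", "connected"),   # P1's own subnet
    ("10.2.0.0/16", "10.1.1.1"),    # static route to a second site
]

# Constructed sample data (assumption): client networks whose traffic
# is mirrored to T1 by the SPAN session(s).
MONITORED = ["10.1.1.0/24", "10.2.5.0/24", "192.168.50.0/24"]


def route_for(routes, network):
    """Return (prefix, next_hop) of the most specific route that covers
    the whole monitored network, or None if no route covers it."""
    net = ipaddress.ip_network(network)
    covering = []
    for prefix, next_hop in routes:
        route_net = ipaddress.ip_network(prefix)
        # subnet_of() raises TypeError across IP versions, so compare first.
        if route_net.version == net.version and net.subnet_of(route_net):
            covering.append((route_net, next_hop))
    if not covering:
        return None
    best = max(covering, key=lambda c: c[0].prefixlen)  # longest prefix wins
    return (str(best[0]), best[1])


def missing_routes(routes, monitored):
    """Monitored networks that a reset sent out P1 could not reach."""
    return [n for n in monitored if route_for(routes, n) is None]


if __name__ == "__main__":
    for n in MONITORED:
        r = route_for(P1_ROUTES, n)
        status = f"via {r[1]} ({r[0]})" if r else "NO ROUTE: resets will not arrive"
        print(f"{n:18} {status}")
```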