From: Stefan Grey (examplebrain@hotmail.com)
Date: Fri Aug 04 2006 - 04:39:51 ART
Hello guys! I have a following problem.
IDS-(sensing)---- R2 (195.1.123.2)
|__________|
PIX(outside) __ | |
(195.1.123.10) R3(195.1.123.3
between PIX R2 and R3 is vlan 123. R2 is connected to CAT2. R3 and PIX are
connected to CAT1. IDS is connected to fa0/15 of CAT1. The goal is to
configure the SPAN, RSPAN so that IDS get all traffic traversing vlan 123.
fa0/7 - is just unused port.
Configs done:
CAT2:
monitor session 1 source vlan 123 rx
monitor session 1 destination remote vlan 500 reflector-port Fa0/7
CAT1:
monitor session 1 source vlan 123 rx
monitor session 1 destination remote vlan 500 reflector-port Fa0/7
monitor session 2 destination interface Fa0/15
monitor session 2 source remote vlan 500
and vlan500
remote-span
On IDS is configured (icmp echo request, icmp echo reply signatures.)
The problem is the following. When I ping between PIX,R2 and R3,R2. IEV
shows me the alarms. When I ping between R3 and PIX no alarms are shown.
I have made the conclusion that R3 and PIX are on CAT1. And R2 is on CAT2.
Does anybody have any idea why the RSPAN works and the local SPAN it seems
it doesn't copy the traffic.
Any help highly appreciated.
Thanks.
This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:56 ART