Re: SPAN, RSPAN question

From: Stefan Grey (examplebrain@hotmail.com)
Date: Fri Aug 04 2006 - 14:57:32 ART

• Next message: Kevin Wallace: "Re: CCIE Written"
• Previous message: Stefan Grey: "RE: PIX and icmpn NONAT"
• Maybe in reply to: Stefan Grey: "SPAN, RSPAN question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

IDS sensing interface, R2 fa0/1, R3 fa0/0, PIX outside interface are in the
same VLAN123.
R2 Fa0/1 is connected to fa0/2 of CAT2, PIX outside interface R3 fa0/0, and
IDS sensing interface are connected to CAT1. IDS sensing interface is
connected to fa0/15 of CAT1.

Is it what you requested??
If you have any question please ask. Please try and tell me your result. It
is very interesting for me. Since I didn't manage to make it working. And
have no ideas what I do wrong.

Thanks.

>From: secondie <secondie@gmail.com>
>Reply-To: secondie@gmail.com
>To: Stefan Grey <examplebrain@hotmail.com>
>Subject: Re: SPAN, RSPAN question
>Date: Fri, 04 Aug 2006 09:20:57 -0400
>
>I am practicing about the same scenario. I would like to lab up your
>scenario and try. Can you send clarification about diagram.
>
>e.g.
>
>outside is PIX1
>next is R2
>Pix and R2 connect via CAT1 VLANxxxx
>
>etc....
>
>And other objectives of the lab.
>
>Thanks
>-secondie
>
>Stefan Grey wrote:
>>Hello guys! I have a following problem.
>>
>>IDS-(sensing)---- R2 (195.1.123.2)
>>|__________|
>>PIX(outside) __ | |
>>(195.1.123.10) R3(195.1.123.3
>>
>>between PIX R2 and R3 is vlan 123. R2 is connected to CAT2. R3 and PIX are
>>connected to CAT1. IDS is connected to fa0/15 of CAT1. The goal is to
>>configure the SPAN, RSPAN so that IDS get all traffic traversing vlan 123.
>>fa0/7 - is just unused port.
>>Configs done:
>>CAT2:
>>monitor session 1 source vlan 123 rx
>>monitor session 1 destination remote vlan 500 reflector-port Fa0/7
>>
>>CAT1:
>>monitor session 1 source vlan 123 rx
>>monitor session 1 destination remote vlan 500 reflector-port Fa0/7
>>monitor session 2 destination interface Fa0/15
>>monitor session 2 source remote vlan 500
>>
>>and vlan500
>>remote-span
>>
>>On IDS is configured (icmp echo request, icmp echo reply signatures.)
>>
>>The problem is the following. When I ping between PIX,R2 and R3,R2. IEV
>>shows me the alarms. When I ping between R3 and PIX no alarms are shown.
>>
>>I have made the conclusion that R3 and PIX are on CAT1. And R2 is on CAT2.
>>Does anybody have any idea why the RSPAN works and the local SPAN it seems
>>it doesn't copy the traffic.
>>
>>Any help highly appreciated.
>>Thanks.
>>
>>_________________________________________________________________
>>Customise your home page with RSS feeds at MSN Ireland! http://ie.msn.com/
>>
>>_______________________________________________________________________
>>Subscription information may be found at:
>>http://www.groupstudy.com/list/CCIELab.html
>>
>

• Next message: Kevin Wallace: "Re: CCIE Written"
• Previous message: Stefan Grey: "RE: PIX and icmpn NONAT"
• Maybe in reply to: Stefan Grey: "SPAN, RSPAN question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:56 ART