I am running into an issue and am in need of help.
I have a 6500 with an IDSM-2 and FWSM module in it. I am using an external Cisco router as my internet router. The FWSM is the gateway for all interfaces in my "DMZ" nets while my Sup-720 is the router for everything internal.
I configured my IDSM in promiscuous mode and everything worked fine. I was able to look at real-time logging in the IME and manually make changes to protect my network using the firewall. I then used the info from the logging and tweaked a few policies to prevent false positives and am ready to move the IDSM-2 to "in-line" mode.
My understanding is that I:
1) Create an extra vlan
2) Move my external router port (via the switch) to that new vlan
3) Assign a vlan pair putting one interface (g0/7) on the new vlan (let's say 898) and the other (g0/8) on the existing vlan (let's say 899). Since both vlans are controlled by the FWSM, I shouldn't have a problem, correct? Or is my thinking wrong?
On the switch:
1) Configure the following on the 6500:
intrusion-detection module 1 data-port 1 access-vlan 898 (new vlan)
intrusion-detection module 1 data-port 2 access-vlan 899 (existing vlan)
Move the switch port of the external router:
int g9/1 ... switchport access vlan 898
2) On the IDSM-2:
Since my FWSM also has a layer 3 interface to the internet (which points to the external router), will I need to move both to the new vlan?
Your thinking looks right to me. The router is in vlan 898, the FWSM stays in 899 and the IDSM should bridge the two (when configured as an inline interface pair*). If you move the FWSM to 898 then the IDSM will not be inline.
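The reply's condition (router on one data-port VLAN, FWSM on the other, IDSM bridging between them) can be checked against a saved 6500 config before cutting over. The script below is an added example, not from either poster; the interface name, the `firewall vlan-group` / `firewall module ... vlan-group` lines and the single-VLAN group format are assumptions, while the `intrusion-detection module ... access-vlan` lines mirror the thread.

```python
import re

# Constructed 6500 config fragment (interface names and the FWSM vlan-group
# lines are assumptions, not from the post); data-port lines mirror the thread.
SAMPLE_CONFIG = """
vlan 898
vlan 899
firewall vlan-group 1 899
firewall module 2 vlan-group 1
intrusion-detection module 1 data-port 1 access-vlan 898
intrusion-detection module 1 data-port 2 access-vlan 899
interface GigabitEthernet9/1
 description uplink to external internet router
 switchport access vlan 898
"""

def parse_config(text):
    """Collect IDSM data-port VLANs, the VLANs handed to the FWSM, and access ports."""
    idsm, groups, fw_groups, ports, current = {}, {}, set(), {}, None
    for line in text.rstrip().splitlines():
        if m := re.match(r"intrusion-detection module \d+ data-port (\d) access-vlan (\d+)", line):
            idsm[int(m[1])] = int(m[2])
        elif m := re.match(r"firewall vlan-group (\d+) (\d+)$", line):
            groups[int(m[1])] = int(m[2])          # single-VLAN groups only (assumption)
        elif m := re.match(r"firewall module \d+ vlan-group (\d+)", line):
            fw_groups.add(int(m[1]))
        elif m := re.match(r"interface (\S+)", line):
            current = m[1]
        elif (m := re.match(r"\s+switchport access vlan (\d+)", line)) and current:
            ports[current] = int(m[1])
    fw_vlans = {v for g, v in groups.items() if g in fw_groups}
    return idsm, fw_vlans, ports

def inline_pair_issues(text, router_port):
    """List anything that would leave the IDSM out of the router<->FWSM path."""
    idsm, fw_vlans, ports = parse_config(text)
    if set(idsm) != {1, 2}:
        return ["both IDSM data ports need an access-vlan"]
    issues = []
    if idsm[1] == idsm[2]:
        issues.append("data ports share a VLAN; nothing to bridge")
    rv = ports.get(router_port)
    if rv not in idsm.values():
        issues.append(f"router port {router_port} (vlan {rv}) is not on a data-port VLAN")
    other = {v for v in idsm.values() if v != rv}
    if not fw_vlans & other:
        issues.append("FWSM is not on the VLAN opposite the router; traffic bypasses the IDSM")
    return issues
```

An empty list means the layout matches the reply's description; moving the FWSM group to 898 reproduces the bypass case the reply warns about.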