2 Replies. Latest reply: Mar 28, 2012 2:31 AM by Nick

IDSM2 inline with FWSM

I am running into an issue and am in need of help...

I have a 6500 with an IDSM-2 and FWSM module in it. I am using an external Cisco router as my internet router... The FWSM is the gateway for all interfaces in my "DMZ" nets while my Sup-720 is the router for everything internal.

I configured my IDSM in promiscuous mode and everything worked fine. I was able to look at real time logging in the IME and manually make changes to protect my network using the firewall. I then used the info from the logging and tweaked a few policies to prevent false positives and am ready to move the IDSM2 to "in-line" mode.

My understanding is that I:

1) Create an extra vlan

2) Move my external router port (via the switch) to that new vlan

3) Assign a vlan pair putting one interface (g0/7) on the new vlan (let's say 898) and the other (g0/8) on the existing vlan (let's say 899). Since both vlans are controlled by the FWSM, I shouldn't have a problem, correct? Or is my thinking wrong?

On the switch:

1) Configure the following on the 6500:

    intrusion-detection module 1 data-port 1 access-vlan 898   (new vlan)
    intrusion-detection module 1 data-port 2 access-vlan 899   (existing vlan)

   (move switch port of external router)
    int g9/1 ...
     switchport access vlan 898

2) On the IDSM-2:

    inline-interfaces MYIDSM2
     interface1 GigabitEthernet0/7
     interface2 GigabitEthernet0/8

Since my FWSM also has a layer 3 interface to the internet (which points to the external router), will I need to move both to the new vlan?
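The complete switch-side and sensor-side configuration that the steps in the post describe, as an added example that is not part of the original post or Cisco's documentation. It assumes the IDSM-2 sits in slot 1, the external router is on GigabitEthernet9/1, VLAN 898 is the new router-side VLAN and VLAN 899 the existing FWSM-side VLAN, the FWSM outside interface stays in VLAN 899, and the default virtual sensor is vs0. The show commands at the end are the checks to run before relying on the inline path, and bypass-mode auto is the fail-open setting to decide on deliberately, since with it an engine failure passes traffic uninspected rather than dropping it.

```cisco
! --- Catalyst 6500 (Sup720) side; slot 1 for the IDSM-2 is assumed ---
vlan 898
 name IDSM-outside
!
! Move the external router's port into the new VLAN so that traffic
! between the router (VLAN 898) and the FWSM (VLAN 899) must cross the IDSM-2
interface GigabitEthernet9/1
 switchport
 switchport mode access
 switchport access vlan 898
!
! Bind the two IDSM-2 data ports to the VLAN pair (VLAN numbers assumed)
intrusion-detection module 1 data-port 1 access-vlan 898
intrusion-detection module 1 data-port 2 access-vlan 899
!
! Check: both data ports up and in the expected VLANs
show intrusion-detection module 1 data-port 1 state
show intrusion-detection module 1 data-port 2 state

! --- IDSM-2 (IPS CLI) side ---
configure terminal
service interface
 ! Inline pair: a packet entering one port is inspected and forwarded out the other
 inline-interfaces MYIDSM2
  interface1 GigabitEthernet0/7
  interface2 GigabitEthernet0/8
  exit
 ! Assumed choice: fail open if the sensing engine stops, so a sensor fault
 ! does not black-hole the DMZ (fail closed is the alternative)
 bypass-mode auto
 exit
service analysis-engine
 virtual-sensor vs0
  ! Assign the pair name, not the individual ports, to the sensor
  physical-interface MYIDSM2
  exit
 exit
exit
! Check: both sensing ports up, and packet counters rising in both directions
show interfaces
show statistics virtual-sensor
```

After the change, the promiscuous-mode events seen in IME should reappear as inline events on vs0; if the counters in show statistics virtual-sensor stay at zero while the router port shows traffic, the VLAN pair is not in the path and the switch-side access-vlan bindings are the first thing to recheck.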