I spent the weekend getting Snort IDS setup in my lab at
home. I have an
ASA5505 running "asa803-k8.bin". Interface eth0/0
goes to my cable router,
interface eth0/1 goes to the sniffing NIC on my Snort box
that is configured
without an IP address. Interface eth0/2 goes to the
managment NIC on my
Snort box. When I run TCPDUMP on the Snort box I get no
traffic, is there a
problem with my ASA config?
Here is a printout of my interface config..
interface Vlan1
nameif inside
security-level 100
ip address 192.168.15.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
description Sniffing Nic of SNORT box
switchport access vlan 2
switchport monitor Ethernet0/0
!
interface Ethernet0/2
description Managment Nic of SNORT box
!
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7
&i=131992&t=131992
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.
groupstudy.com/list/cisco.html
|