August 30, 2008 02:17am pdt

1. clearacid 6,200
2. richrumble 6,100
3. jahboite 6,080
4. shakoush... 5,500
5. harbor235 2,650
6. arnold 2,500
6. batry_boy 2,500
8. nsx106... 2,400
9. briancassin 2,000
9. dmadole 2,000
9. Herrmann... 2,000
9. H_D_A 2,000
9. KirkMatt 2,000
9. sadburger 2,000
9. LegendZM 2,000
9. mwecom... 2,000
9. PowerIT 2,000
9. ahoffmann 2,000
19. billwharton 1,975
20. rsivanandan 1,950
21. gurutc 1,500
21. IKZ 1,500
23. benrock 1,000
23. ravenpl 1,000
25. jhyiesla 900

1. PowerIT 10,300
2. rsivanandan 10,250
3. richrumble 7,900
4. jahboite 6,480
5. clearacid 6,200
6. shakoush... 5,500
7. billwharton 4,975
8. batry_boy 3,900
9. What90 3,700
10. dpiniella 3,200
11. ahoffmann 3,000
11. flscott 3,000
11. renill 3,000
14. harbor235 2,650
15. dpk_wal 2,595
16. arnold 2,500
17. tbigos 2,400
17. bigjimbo813 2,400
17. nsx106... 2,400
20. chrisande... 2,100
21. briancassin 2,000
21. sadburger 2,000
21. H_D_A 2,000
21. LegendZM 2,000
21. sarangk_14 2,000
21. justchat_1 2,000
21. mwecom... 2,000
21. Rurne 2,000
21. RobWill 2,000
21. leannonn 2,000
21. trinak96 2,000
21. dmadole 2,000
21. DatabaseMX 2,000
21. instillmotion 2,000
21. KirkMatt 2,000
21. keith_ala... 2,000
21. Herrmann... 2,000
21. ksivananth 2,000

07.23.2008 at 05:19PM PDT, ID: 23590646 | Points: 250

	[x] Attachment Details

Snort IDS on Cisco ASA5505 Switchport Monitor

Asked by Roetzel_Andress in Intrusion Detection Systems (IDS), Networking Protocols, Cisco PIX Firewall

Tags: Snort, Snort, 2.8.2.1, Installed on CentOS 5.2, Cisco, ASA, 5505, asa803-k8.bin

I spent the weekend getting Snort IDS setup in my lab at home. I have an ASA5505 running "asa803-k8.bin". Interface eth0/0 goes to my cable router, interface eth0/1 goes to the sniffing NIC on my Snort box that is configured without an IP address. Interface eth0/2 goes to the managment NIC on my Snort box. When I run TCPDUMP on the Snort box I get no traffic, is there a problem with my ASA config?
Here is a printout of my interface config.. Is there a problem running tcpdump on an interface without an IP address?

interface Vlan1
nameif inside
security-level 100
ip address 192.168.15.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
description Sniffing Nic of SNORT box
switchport access vlan 2
switchport monitor Ethernet0/0
!
interface Ethernet0/2
description Managment Nic of SNORT box
!

Reply To This Message
Start Free Trial

Keywords: Snort IDS on Cisco ASA5505 Switc…

	Title
1	VLAN config ASA 5505 and Cisco …
2	HOW DO I CONFIGURE VLANs ON AS…
3	Cisco ASA/3750 Multiple VLAN se…
4	Cisco Switch: Switchport Access
5	Configuration of a switchport
6	Confusion with port forwarding on AS…

Loading Advertisement...

20080716-EE-VQP-32 / EE_QW_2_20070628