[Snort-users] How To Mirror/Monitor T1 and VPN Traffic w/Cisco Routers?

McCash, John John.McCash at ...10979...
Mon Oct 4 08:13:38 EDT 2004


Hi Everyone,
	I've got some site to site traffic that I want to monitor. The
problem is that it never gets onto my local LAN switches. I've got an
assortment of external sites connected by VPN links, and I'd like to be
able to monitor traffic that is routed directly from one VPN to another,
but that traffic never leaves the Cisco router that anchors the VPNs.

	Additionally, some of my VPN connected external sites have
additional T1 links out to smaller sites. These T1 links all come back
to a single router at the larger site, but again, I can't monitor the
traffic from one smaller site to another because it comes in one T1
link, and goes back out another.

	Is there a way to have a router span or mirror traffic to
another interface the same way that a switch can? Or can it somehow
directly copy the datastream to somewhere else on the LAN?

		Thanks lots for your help
			John McCash
------------------------------------------------------------------------------------------------
This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information.  
If you have received it in error, please notify the sender
immediately and delete the original.  Any unauthorized use of
this email is prohibited.
------------------------------------------------------------------------------------------------
[mf2]




More information about the Snort-users mailing list