This topic is to discuss the following lesson:
I think the interfaces on your diagram are wrong on the Router RITE, because you mentioned f0/1 but there is none.
Thanks Alfredo, just fixed the image.
Hello Rene, thanks for the explanation. The question I have is: should returned traffic be inspected or forwarded to the IDS, instead of the client’s traffic? We assume internal traffic is trusted, right?
If you want to use RITE to forward traffic to an IDS/IPS then yes, it’s probably the traffic from outside to inside that you want to forward and inspect.
We don’t always trust internal traffic 100%, btw. For example, a few weeks ago I used an ASA with Firepower that is used to inspect all outgoing traffic. It can be used to drop certain traffic that the hosts are not allowed to use.
Nice. Is there any option to monitor traffic remotely, like RSPAN, on a router port?
Embedded Packet Capture works very well on routers.