I haven't posted for awhile so I'm hoping this is the right forum for this question....

I'll give you a run down on the situation first and then hopefully some of the guru's out there will be able to fill in the blanks...

Firstly, I'm working for a government organisation that has certain security requirements when it comes to our network and server base (Server 2003 and Linux (various flavours).
Joy of joys, we have come up for an audit later this month and it is apparently fairly intrusive and wide reaching.

They have given over 3 hours for one of our networks which is primarily a Windows 2003 servers environment using Cicso switches/routers that is NOT connected to the Internet. Physically seperate entirely.

The opinion and thoughts I'm looking for is what tools do you think they'll be running to scan out network? We are already using the SE core for Linux, and have tried (as much as possible) to lock down the windows servers.
Today I'm looking at running Bastille Linux to help on the Linux boxes and Nessus followed by ethereal to see what is open and floating around the network but I'm a little worried that I'm missing something?

Lastly, is it worth installing the encrypted IOS on the switches aswell?

Any thoughts would be great.