https://community.cisco.com/t5/network-security/ids-integration-with-the-pix-firewall/m-p/151917#M609576 <HTML><HEAD></HEAD><BODY><P>Instructions for sensor and PIX basic configuration can be found here:</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13870_01.htm#xtocid23" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13870_01.htm#xtocid23</A></P><P></P><P>Instructions for sensor and PIX SSH configuration can be found here:</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13870_01.htm#xtocid16" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13870_01.htm#xtocid16</A></P><P></P><P>You can configure the sensor to connect to the PIX via telnet when</P><P>using the PIX inside interface, otherwise you must use SSH.</P><P>SSH with 3des encryption is supported in version 3.0 or later</P><P>sensors for PIX connections.</P><P></P><P>Caveat: If you want to use telnet with a version 6.2.1 or later PIX, or if </P><P>you want to use SSH with des encryption on any PIX, then you will </P><P>need a patch for your sensor. If so, open a TAC case and request </P><P>the latest engineering build of nr.managed. Reference </P><P><A href="mailto:stleary@cisco.com">stleary@cisco.com</A> for any questions.</P><P></P></BODY></HTML> Wed, 12 Feb 2003 04:06:59 GMT stleary 2003-02-12T04:06:59Z https://community.cisco.com/t5/network-security/ids-integration-with-the-pix-firewall/m-p/151914#M609572 <P>I am reading the Release Notes for Cisco Intrusion Detection System Sensor Version 3.0(1)S4, and I have stumbled on the new features of this version that it claims Integration with the PIX Firewall</P><P></P><P>How do you implement this? What kind of integration does it offer?</P> Fri, 21 Feb 2020 06:33:15 GMT https://community.cisco.com/t5/network-security/ids-integration-with-the-pix-firewall/m-p/151914#M609572 rolalo 2020-02-21T06:33:15Z https://community.cisco.com/t5/network-security/ids-integration-with-the-pix-firewall/m-p/151915#M609573 <HTML><HEAD></HEAD><BODY><P>The IDS Sensor has a feature called shun/blocking (originally known as shun, but over time has become known as blocking).</P><P></P><P>When the IDS detects an attack it can be configured to connect to another Cisco device (through telnet or ssh with username/passwords), and then reconfigure the device to shun/block the ipaddress of the attacker.</P><P></P><P>When using IDS blocking feature with a Cisco router the sensor will telnet to the router and create an ACL which will deny the ip address of the attacker.</P><P>When using IDS blocking feature with a Pix the sensor will telnet/ssh to the pix and execute a special "shun <IPADDRESS>" command on the pix. The Pix then blocks packets to or from that ip address on all of it's interfaces.</IPADDRESS></P><P></P></BODY></HTML> Tue, 11 Feb 2003 21:56:14 GMT https://community.cisco.com/t5/network-security/ids-integration-with-the-pix-firewall/m-p/151915#M609573 marcabal 2003-02-11T21:56:14Z https://community.cisco.com/t5/network-security/ids-integration-with-the-pix-firewall/m-p/151916#M609574 <HTML><HEAD></HEAD><BODY><P>Thanks for the reply, Any template or configuration that I could follow?</P><P>I am using an IDS 4210 software version 3.01(S4).</P><P>and CSPM 2.3.1i.</P><P></P><P></P><P></P></BODY></HTML> Wed, 12 Feb 2003 02:49:44 GMT https://community.cisco.com/t5/network-security/ids-integration-with-the-pix-firewall/m-p/151916#M609574 rolalo 2003-02-12T02:49:44Z https://community.cisco.com/t5/network-security/ids-integration-with-the-pix-firewall/m-p/151917#M609576 <HTML><HEAD></HEAD><BODY><P>Instructions for sensor and PIX basic configuration can be found here:</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13870_01.htm#xtocid23" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13870_01.htm#xtocid23</A></P><P></P><P>Instructions for sensor and PIX SSH configuration can be found here:</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13870_01.htm#xtocid16" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13870_01.htm#xtocid16</A></P><P></P><P>You can configure the sensor to connect to the PIX via telnet when</P><P>using the PIX inside interface, otherwise you must use SSH.</P><P>SSH with 3des encryption is supported in version 3.0 or later</P><P>sensors for PIX connections.</P><P></P><P>Caveat: If you want to use telnet with a version 6.2.1 or later PIX, or if </P><P>you want to use SSH with des encryption on any PIX, then you will </P><P>need a patch for your sensor. If so, open a TAC case and request </P><P>the latest engineering build of nr.managed. Reference </P><P><A href="mailto:stleary@cisco.com">stleary@cisco.com</A> for any questions.</P><P></P></BODY></HTML> Wed, 12 Feb 2003 04:06:59 GMT https://community.cisco.com/t5/network-security/ids-integration-with-the-pix-firewall/m-p/151917#M609576 stleary 2003-02-12T04:06:59Z