08-26-2011 03:35 PM - edited 03-10-2019 05:27 AM
With Madhu Kodali
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to discuss configuration and troubleshooting IDS/IPS sensors with Cisco expert Madhu Kodali. Madhu is a senior QA engineer on the Intrusion Prevention Systems development team in Austin, Texas, which supports the quality assurance of Cisco's intrusion detection and prevention solutions. He has been with Cisco for 10 years. His expertise lies in intrusion detection and prevention and the associated range of Cisco management products including Cisco IPS Manager Express and Cisco Adaptive Security Device Manager. Kodali holds a master's degree in computer science from the University of Texas at Dallas and currently holds CCSP certification.
Remember to use the rating system to let Madhu know if you have received an adequate response.
Madhu might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the discussion forum shortly after the event. This event lasts through September 9, 2011. Visit this forum often to view responses to your questions and the questions of other community members.
09-05-2011 10:30 AM
Hello Madhu
We have an ASA-SSM-10 sensor installed on an ASA 5510. I am just trying to block Skype, without any luck, with either the IPS or the ASA firewall. Is this possible?
I need to do this on this device because only my carrier has control of the routers, so I can't use the NBAR configuration.
thanks!
09-05-2011 03:07 PM
Hi,
I don't think the ASA can block Skype traffic, because the ports used in the communication are negotiated dynamically. However, the IPS has signature 11251 subsig 0, which can detect this type of activity. This signature is disabled by default and has to be enabled. The event-action also has to be modified to a deny action instead of the default produce-alert setting. I am assuming you are already familiar with how to send the traffic from the ASA to the IPS.
thanks
Madhu
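The steps in the answer above (enable signature 11251/0 and change its event-action to a deny action), shown as a Cisco IPS CLI session. This is an added example, not part of the original post and not taken from Cisco documentation. It assumes a sensor hostname of `sensor`, the default signature definition `sig0`, and that the signature belongs to the string-tcp engine; the engine name is an assumption and should be checked with `show settings` in the signature submode before entering it, since the engine submode name and prompt depend on it. The ASA-side names `IPS_TRAFFIC`, `IPS_CLASS` and `global_policy` are hypothetical. Lines beginning with `!` are annotations, not commands.

```text
! --- IPS sensor: enable 11251/0 and add an inline deny action ---
sensor# configure terminal
sensor(config)# service signature-definition sig0
sensor(config-sig)# signatures 11251 0
! Signature is disabled by default; turn it on.
sensor(config-sig-sig)# status
sensor(config-sig-sig-sta)# enabled true
sensor(config-sig-sig-sta)# exit
! Engine name is an assumption: confirm it with "show settings" first.
sensor(config-sig-sig)# engine string-tcp
! Keep produce-alert so the hit is still logged, and add a deny action.
! deny-packet-inline drops only the triggering packet; deny-connection-inline
! drops the rest of that TCP connection. Both need the sensor in inline mode.
sensor(config-sig-sig-str)# event-action produce-alert|deny-packet-inline
sensor(config-sig-sig-str)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]: yes
sensor(config)# exit
! Verify the signature fires (alerts show sig 11251 with the deny action taken).
sensor# show events alert

! --- ASA: send traffic through the SSM inline so deny actions take effect ---
! (hypothetical names; "ips inline fail-open" means traffic passes if the
!  module is down, "fail-close" would block it)
asa(config)# access-list IPS_TRAFFIC extended permit ip any any
asa(config)# class-map IPS_CLASS
asa(config-cmap)# match access-list IPS_TRAFFIC
asa(config-cmap)# exit
asa(config)# policy-map global_policy
asa(config-pmap)# class IPS_CLASS
asa(config-pmap-c)# ips inline fail-open
asa(config-pmap-c)# exit
asa(config-pmap)# exit
asa(config)# service-policy global_policy global
```

Note that a deny action only has an effect when the ASA hands the traffic to the module inline (`ips inline`); in promiscuous mode (`ips promiscuous`) the sensor only sees a copy and can alert but not drop. The choice between deny-packet-inline and deny-connection-inline is the trade-off raised in the follow-up below: the packet-level action only stops the matched packet, the connection-level action stops the whole flow the match was seen on.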
09-07-2011 08:21 AM
I appreciate your answer. Unfortunately, the signature can block just the first attempt, but after that the user can access without problems. The only way that I found was checking the deny connection inline option, but I can't do that because the user needs to be working on the internet.
Thanks.