Resolved! PIX: IDS drop vs. ACL permit
Do IDS signatures override ACLs previously set?If I permit echo-reply in my ACL, but I set the IDS to drop echo-reply packets, what will the PIX do? Does the ACL or the IDS have precedence in PIX?
Network Security
Engage with peers and experts on network security topics such as Secure Firewall Threat Defense, Adaptive Security Appliance, Secure Firewall Management Center, and Security Cloud Control.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- Technology and Support
- Security
- Network Security
Options
- Mark all as New
- Mark all as Read
- Float this item to the top
- Subscribe
- Bookmark
- Subscribe to RSS Feed
- Threaded format
- Linear Format
- Sort by Topic Start Date
Labels
-
AAA
(9) -
Access Control Server (ACS)
(6) -
Access List
(4) -
ACI
(10) -
Advanced Threats
(1) -
AMP for Endpoints
(1) -
AnyConnect
(3) -
APIs
(1) -
Appliances
(18) -
ASA
(1) -
ASR 1000 Series
(1) -
Branch Router
(2) -
Buying Recommendation
(87) -
Catalyst 2000
(1) -
Catalyst 3000
(2) -
Catalyst 4000
(1) -
Catalyst 6000
(1) -
Catalyst 8000
(1) -
Catalyst 9000
(2) -
Catalyst Switch
(3) -
Catalyst Wireless Controllers
(1) -
Cisco
(1) -
Cisco Adaptive Security Appliance (ASA)
(9,624) -
Cisco Bugs
(54) -
Cisco Cafe
(25) -
Cisco CLI Analyzer
(1) -
Cisco Cloud Services Router
(1) -
Cisco Defense Orchestrator (CDO)
(149) -
Cisco Firepower Device Manager (FDM)
(812) -
Cisco Firepower Management Center (FMC)
(2,909) -
Cisco Firepower Threat Defense (FTD)
(3,163) -
Cisco Press Cafe
(1) -
Cisco Secure Firewall Device Management (FDM)
(45) -
Cisco Secure Firewall Management Center (FMC)
(236) -
Cisco Secure Firewall Threat Defense (FTD)
(285) -
Cisco Security Cloud Control
(16) -
Cisco Security Manager (CSM)
(3) -
Cisco Software
(19) -
CISCO START ANZ
(1) -
Cisco Threat Response
(1) -
Cisco Vulnerability Management
(46) -
Cloud
(1) -
Cloud Provisioning
(1) -
Cloud Security
(3) -
Community Bug or Issue
(1) -
Community Feedback Forum
(31) -
Community Ideas
(18) -
Compliance and Posture
(1) -
Crypto
(1) -
CSC Content with No Valid Community to Post
(1) -
CUBE
(1) -
CUCM
(1) -
Data Center Networking
(1) -
Device Admin
(14) -
EEM Scripting
(1) -
Emergency Responder
(1) -
Endpoint Security
(6) -
Enterprise Agreement
(1) -
Event Analysis
(264) -
FirePOWER
(1) -
Firepower Chassis Manager (FCM)
(2) -
Firepower Device Manager (FDM)
(16) -
Firepower Management Center (FMC)
(408) -
Firepower Threat Defense (FTD)
(221) -
Firewall Migration Tool (FMT)
(37) -
Firewalls
(1,171) -
FMC
(1) -
General
(2) -
Guest
(1) -
Identity Services Engine (ISE)
(9) -
IE3300
(1) -
Integrated Security
(8) -
Integrated Security Architecture
(1) -
Integrations
(4) -
Investigation
(2) -
iOS
(1) -
IPS and IDS
(6,580) -
IPS and IDS1
(1) -
IPS-IDS
(1) -
IPSEC
(1) -
IPv6 Configuration
(1) -
ISE
(1) -
LAN Switching
(7) -
License
(324) -
MPLS
(1) -
Multicloud Defense
(3) -
Network Management
(93) -
Network Security
(2) -
Networking
(1) -
NFVIS
(1) -
NGFW Firewalls
(37,594) -
NGIPS
(1,874) -
Online Tools and Resources
(1) -
Optical Networking
(3) -
Optics
(1) -
Other Collaboration Topics
(1) -
Other Community Feedback
(4) -
Other Firewalls
(1) -
Other NAC
(18) -
Other Network
(2) -
Other Network Security Topics
(10,791) -
Other Networking
(9) -
Other Routers
(9) -
Other Routing
(24) -
Other Routing and Switching topics
(2) -
Other Security
(1) -
Other Security Topics
(18) -
Other Switches
(12) -
Other Switching
(4) -
Other VPN Topics
(1) -
Passive Identity
(1) -
Physical Security
(21) -
Policy and Access
(2) -
Prioritization
(3) -
Remote Access
(2) -
Room Endpoints
(1) -
Routing Protocols
(9) -
SD-WAN Security
(1) -
Secure Network Analytics
(1) -
Security
(4) -
Security Management
(645) -
Segmentation
(3) -
Service Providers
(1) -
Small Business Routers
(5) -
Small Business Security
(2) -
Sourcefire
(2) -
Support
(2) -
Threat Containment
(6) -
Threat Defense
(1) -
Threat Grid
(1) -
Unified Computing System (UCS)
(1) -
Voice Gateways
(1) -
VPN
(28) -
VPN and AnyConnect
(1) -
Vulnerability Management
(46) -
WAN
(8) -
Web Security
(5) -
Webex Teams
(1) -
Wired
(3) -
Wireless Security
(1)
- « Previous
- Next »
Forum Posts
Resolved! clear pix acl counters
does anybody know how to clear pix acl counters?clear access-list counters does not work for pix.
I recently started a position where the previous network admin shredded a great deal of network information. I have been told that the previous admin had the network locked down too tight. To make a long an interesting story short I have a Cisco 506 ...
Hi, I have just updated to VMS 2.2 and IDSMC 1.2 on Windows 2k SP3 and want to install all three latest patches available. When I go to install the patches I get the follwing warning message:This Point Patch is not intended for this version of idsmdc...
Hello all,I am trying to sniff a session between a server on an "inside" segement and a server on a "DMZ" segment. The server on the inside is being NAT translated to the same address on the DMZ like so:static (inside,DMZ) 10.1.1.1 10.1.1.1 netmask 2...
I'm new with the PIX and don't know how to block ports. I'm using the CLI and need to block certain ports to avoid the mess with the blaster worm.Can anyone tell me what to type in after I do the config t that will block these ports?Thanks.
I do wonder if this is the right behaviour of the router. If I reload my Cisco 3620 IOS VPN Server, both CA and router's itself certificates are gone. Need to do the procedure (crypto ca authenticate ..., crypto ca enroll ...) to get the certificates...
Am I right to assume that the handful of ports 69, 135, 139, 445 and 4444 are blocked by nature on the PIX? I have not expressly opened any of them as far as I can tell? I have looked around on the net and not found anyone talking about the PIX in co...
Hi,Just a quick question. I'm running a pix 506 with software version 6.3. I was asked to look into configuring the IDS part of the firewall. Is there any white papers explaning how to configure it properly? I have experience with cisco's firewalls b...
Hi,What would be thebest way to configure a pix 501 to work with a cable modem the ISP provides a heartbeat and authentication service that periodically checks in from PC this is similar to the roadrunner service that run on some cable NW in the stat...
Hi All,I want to do the tunnelling in GRE or IPIP mode on the router behind the firewall. Then I do static NAT on the router for the tunnel source. I have opened ip any any and GRE for that static IP but somehow, I got error messages such as no xlate...
Is there anyone who worked with the Policy NAT on PIX 6.3 (2) ?I have a scenario where a central PIX vpn a remote site PIX .I want to translate Remote site inside private addresses because theyconflict with another remote site.So i want the Remote PI...
Dear AllI got a problem with my PIX 525, when i upgraded the IOS from 6.1 to 6.3 .The problem is that the Gateway router failed to catch the mac-address (of the PIX) of some machines behind the firewall although the firewall see these machines, i don...
Scenario :- I had installed 2 pix 515 (primary and failover) behind my internet router . My inside network is having 2 WAN routers(with private ip addresses) connecting to 2 different sites(with private ip addresses) . The only way for them to access...
Hi All,I have a PIX 515 that is dual homed to the Internet through 2 edge routers (1 router per ISP). How can I load balance outbound connections? It doesn't have to be perfect, I just want to utilize the second ISP.Will this work if I run OSPF betwe...
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Unanswered Topics
| Subject | Author | Posted |
|---|---|---|
| 06-10-2026 08:08 PM | ||
| 05-26-2026 07:54 AM | ||
| 05-02-2026 06:09 AM | ||
| 04-30-2026 12:46 AM | ||
| 04-24-2026 07:04 AM |
New solutions
