Blocking a host by applying ACL in PIX through IDS 4230

thangu
Level 1

Hi,

I want the IDS to apply an ACL to the PIX when it detects an attack. I have tested this and found that CSPM (2.3.3i) says that it has applied the ACL and also shows in the event viewer that the IP address is blocked. But when I look at the access-list in the PIX there is no entry, and I am able to access everything even though CSPM says it is blocked.

I have tested the same functionality with a 2611 router and everything works fine, as the IDS and CSPM add an ACL on the router.

Do I need to upgrade any IOS to resolve this issue? Or am I missing something?

The software versions used during the testing were:

sensor (4230) - 3.0(1)s4

PIX 535 - 6.0(1)

CSPM - 2.3.3 i

Kind Regards /Thangavel

1 Reply

chstone
Level 1

The PIX does not handle attacks in the same manner in which a router being used to block will. Whereas the router will apply an ACL, the PIX will use the "shun" command. There will be no ACL added on the PIX when it detects an attack.

All of the versions that you have listed will work for shunning on the PIX. I would suggest that you look closer at your configuration. Take a look at the link below. You can issue the "show shun" command on the PIX to see what is being shunned.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/pixrn601.htm#75046
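As an added example (not from the thread or from Cisco), a small Python helper that parses constructed "show shun" and "show access-list" output, modelled on the PIX 6.x line formats, and reports where a block for a given source actually landed, so a check like the one in the question looks in the right place:

```python
import ipaddress
import re

# Constructed sample "show shun" output, modelled on the PIX 6.x format
# "shun (<interface>) <src_ip> <dst_ip> <sport> <dport> [<proto>]"; not a real capture.
SAMPLE_SHOW_SHUN = """\
shun (outside) 192.0.2.45 0.0.0.0 0 0
shun (outside) 198.51.100.7 203.0.113.10 0 80 tcp
"""

# Constructed sample "show access-list" output: the place the question looked,
# where an IDS-driven shun never shows up.
SAMPLE_SHOW_ACL = """\
access-list outside_in permit tcp any host 203.0.113.10 eq www (hitcnt=12)
access-list outside_in deny ip any any (hitcnt=3)
"""

SHUN_LINE = re.compile(
    r"^shun\s+\((?P<intf>[^)]+)\)\s+(?P<src>\d+\.\d+\.\d+\.\d+)"
    r"(?:\s+(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<sport>\d+)\s+(?P<dport>\d+)"
    r"(?:\s+(?P<proto>\w+))?)?"
)

def parse_show_shun(text):
    """Return one dict (intf, src, dst, sport, dport, proto) per shun entry."""
    entries = []
    for line in text.splitlines():
        m = SHUN_LINE.match(line.strip())
        if not m:
            continue  # skip blanks, prompts and anything that is not a shun line
        d = m.groupdict()
        ipaddress.ip_address(d["src"])  # reject garbage that looks like an address
        entries.append(d)
    return entries

def shunned_sources(text):
    """Set of source addresses currently shunned according to 'show shun'."""
    return {e["src"] for e in parse_show_shun(text)}

def acl_denied_sources(text):
    """Source hosts explicitly denied by 'deny ... host <ip>' access-list lines."""
    pat = re.compile(r"^access-list\s+\S+\s+deny\s+\S+\s+host\s+(\S+)")
    return {m.group(1) for m in map(pat.match, map(str.strip, text.splitlines())) if m}

def where_is_blocked(ip, shun_text, acl_text):
    """Report whether a block for `ip` appears as a shun, an ACL entry, both or neither."""
    in_shun, in_acl = ip in shunned_sources(shun_text), ip in acl_denied_sources(acl_text)
    return {(True, True): "both", (True, False): "shun", (False, True): "acl"}.get(
        (in_shun, in_acl), "none")
```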
