12-09-2012 03:05 AM - edited 03-10-2019 01:42 PM
Hi,
I want to configure blocking on the external router for some specific signatures. I already have an access list on the outside interface to block some traffic and fragment packets, named ACL_Router_External, applied on interface outside (G0/0).
When I configure blocking on the IPS, it creates another ACL and applies it to the same interface in order to block.
How can I push the ACL configuration from the IPS into the existing ACL (ACL_Router_External)?
Thanks
12-09-2012 09:36 PM
From the link that I posted, here are the steps that the IPS takes when building the ACL:
When the sensor starts up, it reads the contents of the two ACLs. It creates a third ACL with the following entries:
•A permit line for the sensor IP address
•Copies of all configuration lines of the Pre-Block ACL
•A deny line for each address being blocked by the sensor
•Copies of all configuration lines of the Post-Block ACL
The sensor applies the new ACL to the interface and direction that you designate.
In your case, you could use the ACL_Router_External as your Post-Block ACL. The IPS will add a permit for itself and a deny entry for the address being blocked. It will then append the existing ACL_Router_External entries that you already have configured before pushing the new combined ACL to the g0/0 interface.
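To make the ordering in the quoted steps concrete, here is a small model of the combined ACL the sensor builds and a simplified first-match evaluator to run packets through it. This is an added illustration, not Cisco code: the sensor address, the blocked host and the stand-in for ACL_Router_External are constructed sample values, and the exact ACE text the sensor writes (e.g. `permit ip host <sensor> any`) is an assumption about its format.

```python
"""Model of how an IPS sensor assembles the ACL it pushes to a managed router.

Added illustration, not Cisco code. Entry order follows the steps quoted above:
permit for the sensor, Pre-Block ACL, one deny per blocked host, Post-Block ACL.
All addresses are constructed sample values; ACE syntax is an assumption.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

SENSOR_IP = "192.0.2.10"  # constructed: the sensor's management address

# Constructed stand-in for the admin's existing ACL_Router_External,
# used here as the Post-Block ACL exactly as the answer suggests.
ACL_ROUTER_EXTERNAL = [
    "deny ip any any fragments",
    "permit tcp any host 198.51.100.5 eq 443",
    "deny ip any any",
]


def build_block_acl(sensor_ip: str, pre_block: List[str],
                    blocked_hosts: List[str], post_block: List[str]) -> List[str]:
    """Assemble the combined ACL in the order the sensor uses."""
    acl = [f"permit ip host {sensor_ip} any"]       # 1. permit the sensor itself
    acl.extend(pre_block)                            # 2. Pre-Block ACL lines
    acl.extend(f"deny ip host {h} any" for h in blocked_hosts)  # 3. one deny per block
    acl.extend(post_block)                           # 4. Post-Block ACL lines
    return acl


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: Optional[int] = None
    fragment: bool = False  # True for a non-initial fragment


def _parse(ace: str):
    """Parse a simplified extended ACE: action proto src dst [eq N] [fragments]."""
    tok = ace.split()
    action, proto, i = tok[0], tok[1], 2
    ends = []
    for _ in range(2):  # source, then destination
        if tok[i] == "any":
            ends.append(None); i += 1
        elif tok[i] == "host":
            ends.append(tok[i + 1]); i += 2
        else:
            raise ValueError(f"unsupported address form in ACE: {ace}")
    rest = tok[i:]
    port = int(rest[rest.index("eq") + 1]) if "eq" in rest else None
    return action, proto, ends[0], ends[1], port, "fragments" in rest


def _matches(ace: str, pkt: Packet) -> bool:
    action, proto, src, dst, port, frag_only = _parse(ace)
    if proto != "ip" and proto != pkt.proto:
        return False
    if src is not None and src != pkt.src:
        return False
    if dst is not None and dst != pkt.dst:
        return False
    if port is not None and port != pkt.dport:
        return False
    if frag_only and not pkt.fragment:
        return False
    return True


def evaluate(acl: List[str], pkt: Packet) -> Tuple[Optional[int], str]:
    """First-match evaluation; (None, 'deny') models the implicit deny at the end."""
    for idx, ace in enumerate(acl):
        if _matches(ace, pkt):
            return idx, ace.split()[0]
    return None, "deny"


if __name__ == "__main__":
    combined = build_block_acl(SENSOR_IP, [], ["203.0.113.7"], ACL_ROUTER_EXTERNAL)
    for line in combined:
        print(line)
    attacker = Packet("203.0.113.7", "198.51.100.5", "tcp", 443)
    print("existing ACL only:", evaluate(ACL_ROUTER_EXTERNAL, attacker))
    print("combined ACL:     ", evaluate(combined, attacker))
```

Running it shows why the Post-Block placement matters: with ACL_Router_External alone the blocked host's HTTPS traffic is permitted by the second line, while in the combined ACL the sensor's deny sits ahead of that permit, so the same packet is dropped before any of the original entries are consulted.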
12-09-2012 09:04 PM
The blocking feature on the IPS will always push its own ACL to the router interface in question. When it builds this new ACL, the IPS will reference any Pre- and Post-Block ACLs that you have statically configured on the router. The IPS will then sandwich the deny statements for the blocked traffic in between before deploying the combined ACL to the configured router interface. You can read more about the feature at the following link:
12-09-2012 09:16 PM
Hi Todd,
my case is:
ISP ------> (G0/0) External Router ---------> Switch1---------->IPS
----------> Switch2 --------->IPS
Interface G0/0 already has ACL which deny unwanted traffic.
I have configured the IPS to block some attacks based on signature firing.
Is there any solution I can use?
Thanks