Solved: Can the IPS send block messages to the router?

Xavier Lloyd · ‎11-04-2011

Hi All!

I was told by an engineer that the IPS sensor can be configured to configure a timed ACL on a router based on IPS alerts it receives (to block a specific IP address for example). Is this true? I did a search but as you can imagine all the results that are returned are for configuring IPS on the router (IOS IPS).

Can anyone point me to a document or somewhere I can get more info?

Thanks much!

Regards,

Xavier

rhermes · ‎11-04-2011

Xavier -

You were told correctly, Cisco IPS Sensors can create a temporary ACL in Cisco IOS routers and Cisco PIX/ASA Firewalls. The feature you are looking for is called "Shunning" or "Blocking".

You need to enable shunning for the signatures you wish to shun, and configure the IPS sensor with the necessary credentials, interface and direction on the router you want the ACL to appear.

Here is a CLI configuration example:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a0080afe111.shtml

And here is an IME configuration example:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a00801c0e3c.shtml

- Bob

View solution in original post

rhermes · ‎11-04-2011