We have a Cisco ASA (5500 series) with an IPS module.
I am trying to figure out how to unblock a computer that has been blocked by our IPS. I think the command is "no shun <ip address>", but that has no effect. I run that command in the ASDM GUI and it looks like it runs with no errors, but the client computer is still blocked. How do I unblock an "attacker/victim pair" blockage? Maybe my assumption is wrong about how this actually is implemented. I assumed that the IPS was running a "shun" command in the firewall, but now I am guessing that is wrong.
We are using the IPS Manager Express version 7.2.1.
Any help on how to unblock an IP pair would be much appreciated.
Thanks for your help with this issue. I should have been a little more specific. I am not trying to figure out how to prevent blockage in the future; I want to immediately unblock an IP that was blocked by a rule (we are testing a custom rule, so we are intentionally triggering the rule).