IDS Reports Incorrectly About Blocking Device (PIX)

admin_2
Level 3

Hi!

I just added a PIX515E to my IDS 4210 (4.0)S37 as a blocking device. However, the IDS reports that the PIX does not support ACLs, which is not correct. The PIX has an access list defined for its outside interface.

When I test the IDS configuration, it does not block the attacker's IP as expected.

I would appreciate any help. Thanks!

Bercy

1 Reply

marcabal
Cisco Employee

The IDS sensors do not use ACLs to do blocking on the Pix (unlike routers, where the IDS creates ACLs).

Instead the Pix has a special command put in specifically for blocking with an IDS sensor.

That command is the "shun" command, and is available directly in the Pix CLI.

The "shun" command is not specific to an interface of the Pix, instead the Pix automatically applies it to all interfaces.

So you just need to enter the Pix login information and do not need to enter any information about any of the interfaces.

You can execute "show shun" on the Pix to see what addresses the IDS is currently shunning on the Pix.

NOTE: You need to run a version of the Pix that has this "shun" command in it.
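As an added example that is not part of the original thread: the check the reply points at ("show shun" on the Pix) is the quickest way to confirm whether the sensor actually pushed a shun for the attacker. The script below parses captured "show shun" output and reports which attacker addresses are present and which are missing. The output format assumed here is one entry per line of the form "shun (interface) src_ip dst_ip sport dport protocol"; the interface name, addresses and ports in the sample are constructed for this example, and the helper names (parse_show_shun, is_shunned, missing_shuns) are this example's own, not Cisco tooling.

```python
import ipaddress
import re
from typing import Iterable, List, NamedTuple

# Constructed sample of "show shun" output. Assumed format (one shun per line):
#   shun (interface) src_ip dst_ip sport dport protocol
# A source-only shun shows 0.0.0.0 / 0 / 0 / 0 for the destination fields.
SAMPLE_SHOW_SHUN = """\
pix# show shun
shun (outside) 192.0.2.45 0.0.0.0 0 0 0
shun (outside) 198.51.100.7 10.0.0.5 4242 80 6
pix#
"""


class ShunEntry(NamedTuple):
    interface: str
    src: str
    dst: str
    sport: int
    dport: int
    proto: int


# Only dotted-quad IPv4 addresses are accepted, so anything else on the line
# (prompts, banners, "show shun statistics" counters) is skipped rather than
# mis-parsed as a shun.
_IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
_SHUN_LINE = re.compile(
    r"^shun\s+\((\S+)\)\s+" + _IPV4 + r"\s+" + _IPV4 + r"\s+(\d+)\s+(\d+)\s+(\d+)\s*$"
)


def parse_show_shun(text: str) -> List[ShunEntry]:
    """Turn captured 'show shun' output into a list of ShunEntry records."""
    entries: List[ShunEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        match = _SHUN_LINE.match(line)
        if not match:
            continue  # CLI prompt, blank line or other non-entry output
        ifc, src, dst, sport, dport, proto = match.groups()
        entries.append(ShunEntry(ifc, src, dst, int(sport), int(dport), int(proto)))
    return entries


def is_shunned(text: str, attacker_ip: str) -> bool:
    """True if any shun entry has attacker_ip as its source address."""
    target = ipaddress.ip_address(attacker_ip)
    return any(ipaddress.ip_address(e.src) == target for e in parse_show_shun(text))


def missing_shuns(text: str, expected_ips: Iterable[str]) -> List[str]:
    """Return the attacker IPs the sensor should have shunned but that are absent.

    An empty list means every expected block is in place; a non-empty list is
    the symptom described in the question (sensor says it blocked, Pix did not).
    """
    shunned = {ipaddress.ip_address(e.src) for e in parse_show_shun(text)}
    return [ip for ip in expected_ips if ipaddress.ip_address(ip) not in shunned]


if __name__ == "__main__":
    for entry in parse_show_shun(SAMPLE_SHOW_SHUN):
        print(entry)
    print("missing:", missing_shuns(SAMPLE_SHOW_SHUN, ["192.0.2.45", "203.0.113.9"]))
```

Paste the real "show shun" output into SAMPLE_SHOW_SHUN (or read it from a file) and pass the sensor's list of blocked hosts to missing_shuns; because the shun is not tied to an interface, the interface column is recorded but deliberately not used when matching.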
