09-27-2002 11:39 AM - edited 02-20-2020 10:16 PM
I read in the Cisco Press CSIDS book that you can only shun a network using an ACL on a router and that the PIX compatibility is being worked. Is this feature available yet? I am working on getting both implemented. Thanks.
09-27-2002 12:13 PM
NO
Shunning individual IP addresses through IDS is supported for the PIX.
But shunning of Networks through IDS is not supported for the Pix.
This is because the IDS sensor used an actual "shun" command on the Pix.
There is literally a "shun" command for the Pix command line.
The "shun" command on the Pix only supports shunning addresses.
So for this feature to be added in the future, the Pix would have to change its "shun" command to allow network shuns.
Marco
10-01-2002 09:18 AM
Where can I verify which IP addresses the PIX shuns? On the PIX or on the management console (CSPM)?
Thanks
10-01-2002 11:54 AM
show shun
will show all devices being blocked
10-07-2002 09:07 AM
YES,
but it does not work with an ACL on a PIX; it uses the SHUN command!
We tried it in the lab and it works fine.
Sincerely,
Patrick
10-15-2002 01:19 PM
Shunning is available with the PIX. It doesn't use ACLs though, it actually uses the shun command on the PIX. I believe you have to be running at least ver 6.x on the PIX for it to work.