Re: shunning with PIX?

eckertb · ‎09-27-2002

I read in the Cisco Press CSIDS book that you can only shun a network using an ACL on a router and that the PIX compatibility is being worked. Is this feature available yet? I am working on getting both implemented. Thanks.

marcabal · ‎09-27-2002

NO

Shunning individual IP addresses through IDS is supported for the PIX.

But shunning of Networks through IDS is not supported for the Pix.

This is because the IDS sensor used an actual "shun" command on the Pix.

There is literally a "shun" command for the Pix command line.

The "shun" command on the Pix only supports shunning addresses.

So for this feature to be added in the future the Pix would have to change it's "shun" command to allow network shuns.

Marco

lathian · ‎10-01-2002

Where can I verify that which IP addresss the pix shun ? On the Pix or On Management console (CSPM)?

Thanks

tpfannes · ‎10-01-2002

show shun

will show all devices being blocked

piseli · ‎10-07-2002

YES,

but it works not with ACL on a PIX it uses the SHUN command !

We tryed in the LAB and it works fine.

sincerly

Patrick

conleya · ‎10-15-2002

Shunning is available with the PIX. It doesn't use ACLs though, it actually uses the shun command on the PIX. I believe you have to be running at least ver 6.x on the PIX for it to work.