Configuring IDS-4210 to shun on a 2610.

helvey-johnson
Level 1

When setting up the IDS it asks for a pre-block and a post-block ACL. I currently have an ACL on my interface; this will be my post-block ACL (correct?). I also have two interfaces in my router; I assume I will add two interfaces to the IDS? Thanks, H

2 Replies

a.arndt
Level 3

WRT the pre-block ACL, you are correct. Your current production ACL name would be used so that the sensor reapplies it after a shun has been completed.

WRT adding two interfaces to your IDS, it will depend on how and what you want to shun. If you simply want to block troublesome IP addresses from the Internet, setting up incoming shunning on the interface that connects to the Internet will do the trick. If your desire is to prevent users / systems on your network from doing nasty things to anything connected to the other side of the router, then a similar configuration on this interface is appropriate. IMHO, the only time you'd use both interfaces is if you're trying to shun a very specific activity from going through the router (say, for example, telnet usage).

I hope this helps,

Alex

Sorry, what I meant to say was that I have 2 serial interfaces and 1 Ethernet interface. I want to apply the blocking to both serial interfaces; currently I have two ACLs (one for each). So I will need to set up two more on my router as well as on the IDS. Thanks, H