Core issue
This happens when the SSH host key for the PIX Firewall is not present.
Resolution
Log in to the Intrusion Detection Sensor (IDS) using the service account, then open a Secure Shell (SSH) session from the sensor to the PIX Firewall. This provides the opportunity to accept the host key.
Once the host key is accepted, a manual shun completes successfully. The output of the show shun command contains an entry that corresponds to the manual shun event configured on the IDS. Also check the IDS show stat net command output, where the shun should be "State=Active".
Refer to the Blocking section of Troubleshooting Sensor for further information on IDS blocking issues.
Problem Type
Connectivity to the device
Product Family
IDS/IPS - 4200 series sensor