I think this should be pretty straight forward, but am having am impossible time getting blocking to work. I have an IPS 4240 with software version 6 and have configured many login profiles to try to get my ASA to shun a host triggering a signature using the host block option. Setup is host -> switch -> IPS spanning uplink port -> router -> ASA -> Internet
I've tried manually adding the block on the host and while it appears in the active host blocks monitoring section, the host is still able to reach anywhere on the Internet. I also see an ARC event stating wrong username/password combination. Seems like a simple fix, but I'm fairly sure I'm putting the correct username and password in. I've retrieved the ssh key from the ASA while on the IPS and have tried using telnet also. I've enabled any host on my LAN to telnet to the PIX in effort to troubleshoot, but it's not working either. I'm using Cisco ACS with my ASA, and have tried domain\username and [email protected] and just plain username, but none work.