IPS4260 shunning on FWSM multiple-context

Unanswered Question
Jun 11th, 2008


I have an IPS-4260 in promiscuous mode, "IDS mode". I have to configure it to use an FWSM as a blocking device but I am not really sure about how to do it because I'm using multiple-context mode in the FWSM. I only want to shun traffic in one context (this is not the admin context).

When I configure the blocking devices in the IPS, should I configure the context as if it is a standalone firewall? Meaning that the IP address configured there would be an IP address to login directly into that context? Therefore, the IPS should have IP connectivity to that context in order to login to it, right?

Thanks in advance for your help.

Farrukh Haroon Wed, 06/11/2008 - 13:22

Yes, the IPS will login to the FWSM just like a normal user. If you are using telnet,

telnet sensor-ip /32 interface

If you are using ssh:

ssh sensor-ip /32 interface

Also in SSH there is an additional step, make sure the ASA is in the IPS's SSH Trusted Hosts/Keys.
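As an added illustration (not part of the original reply), here is what that per-context configuration looks like spelled out on the FWSM side. Everything concrete in it is an assumed placeholder: the context name "customerA", the interface name "mgmt", the sensor address 192.0.2.10, and the local username "ipsblock". The /32 mask is written in dotted form because that is how the FWSM `telnet` and `ssh` commands take it. Only the one context that should receive shuns gets this access; the admin context and the other contexts do not need to allow the sensor in at all.

```text
! --- FWSM, in the target context only (assumed name: customerA) ---
changeto context customerA

! Local account the sensor will log in with (placeholder credentials).
! "shun" is a privileged EXEC command, so the sensor also needs the enable
! password configured in its blocking-device profile.
username ipsblock password <sensor-login-password> privilege 15
enable password <sensor-enable-password>
aaa authentication ssh console LOCAL

! Allow only the sensor's address (assumed 192.0.2.10) to reach this
! context over SSH on the management interface (assumed name: mgmt).
! The 255.255.255.255 mask is the /32 from the reply above.
ssh 192.0.2.10 255.255.255.255 mgmt
ssh version 2

! Telnet alternative if the sensor is configured for telnet instead of SSH:
! telnet 192.0.2.10 255.255.255.255 mgmt
```

On the sensor side, the blocking-device entry then points at this context's own management IP, with the same username, login password and enable password, and the context's SSH host key is added to the sensor's trusted hosts before the first connection (the "SSH Trusted Hosts/Keys" step mentioned above). Keeping the sensor's account to this single context and this single source address limits what a compromised or mis-tuned sensor could do: it can issue shuns on that context and nothing else.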



marcabal Wed, 06/11/2008 - 13:51

You are correct.

From the sensor standpoint you will treat each FWSM context as a unique firewall with its own IP address unique to that context.

Understand that the IPS will send the same shun commands to every firewall (or every context) that is being managed.

So in your case the sensor will send all shuns to your firewall context even though some of the traffic being monitored may have come from other firewall contexts. You cannot designate which addresses to shun on which firewall/context.
