IPS4260 shunning on FWSM multiple-context

javiercastro
Level 1

Hello,

I have an IPS-4260 in promiscuous mode, "IDS mode". I have to configure it to use an FWSM as a blocking device, but I am not really sure about how to do it because I'm using multiple-context mode in the FWSM. I only want to shun traffic in one context (this is not the admin context).

When I configure the blocking devices in the IPS, should I configure the context as if it is a standalone firewall? Meaning that the IP address configured there would be an IP address to log in directly into that context? Therefore, the IPS should have IP connectivity to that context in order to log in to it, right?

Thanks in advance for your help.

2 Replies

Farrukh Haroon
VIP Alumni

Yes, the IPS will log in to the FWSM just like a normal user. If you are using telnet:

telnet sensor-ip 255.255.255.255 interface

If you are using SSH:

ssh sensor-ip 255.255.255.255 interface

Also, with SSH there is an additional step: make sure the ASA is in the IPS's SSH Trusted Hosts/Keys.

Regards

Farrukh

marcabal
Cisco Employee

You are correct.

From the sensor standpoint you will treat each FWSM context as a unique firewall with its own IP address unique to that context.

Understand that the IPS will send the same shun commands to every firewall (or every context) that is being managed.

So in your case the sensor will send all shuns to your firewall context even though some of the traffic being monitored may have come from other firewall contexts. You cannot designate which addresses to shun on which firewall/context.
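As an added illustration of the two replies above (this is not configuration from either poster, and it is not taken from Cisco documentation verbatim): the first part is what the monitored, non-admin FWSM context needs so the sensor can log in over SSH from one address only; the second part is the sensor-side blocking configuration that treats that context as a standalone firewall. All addresses, the interface name and the account name are placeholders, the sensor commands follow IPS 6.x CLI syntax with illustrative prompts, and the `!` lines are annotations rather than commands. Check both against the release notes for the versions actually in use before relying on them.

```text
! ===== FWSM, entered inside the monitored (non-admin) context =====
! Interface the sensor will reach; name and addresses are placeholders.
interface Vlan100
 nameif inside
 security-level 100
 ip address 10.1.100.1 255.255.255.0
!
! Allow SSH only from the sensor's address (dotted mask, not /32 shorthand).
ssh 10.1.100.50 255.255.255.255 inside
ssh version 2
!
! Dedicated local account for the sensor; SSH authenticates against it.
! The sensor needs enable access to issue "shun".
username ips-blocker password <set-a-strong-password> privilege 15
aaa authentication ssh console LOCAL
enable password <set-a-strong-enable-password>

! ===== IPS 4260 sensor CLI =====
! Record the context's SSH host key first; otherwise the login is refused.
sensor# configure terminal
sensor(config)# ssh host-key 10.1.100.1
!
! Blocking configuration: the context appears as one firewall-devices entry.
! Every firewall-devices entry receives every shun the sensor issues, so a
! second context would be a second entry and would get the same shuns.
sensor(config)# service network-access
sensor(config-net)# general
sensor(config-net-gen)# block-enable true
!
! Never let the sensor shun the firewall/context management address itself.
sensor(config-net-gen)# never-block-hosts 10.1.100.1
sensor(config-net-gen)# exit
sensor(config-net)# firewall-devices 10.1.100.1
sensor(config-net-fir)# communication ssh-3des
sensor(config-net-fir)# username ips-blocker
sensor(config-net-fir)# password
sensor(config-net-fir)# enable-password
sensor(config-net-fir)# exit
sensor(config-net)# exit
Apply Changes:?[yes]: yes
```

Two checks worth doing after this is applied: confirm from the context that only the sensor's address can open an SSH session (any other source should be rejected by the `ssh` line), and watch the sensor's blocking status after a test event to confirm that the shun landed on the intended context and not on an address listed under `never-block-hosts`.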
