CISCO IPS_Query

Unanswered Question
Aug 5th, 2008

Hi Team,

Is that possible to block traffics based on Source and destination in Cisco IPS 4200 series sensor.

IPS is installed in promiscous mode.

regars

Rajesh

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
rhermes Wed, 08/06/2008 - 08:36

yes, you can "shun" to a cisco firewall (PIX or ASA) or a cisco router. In both cases the IDS sensor will populate an ACL to block your attacker. You need to have some signatures action set to "shun" and of course enter the router/firewall information (IP, username, password) into your sensor.

Actions

This Discussion