IPS shun request to FWSM

Dileep Sivadas Padmini · ‎11-05-2009

Hi,

Does it possible to configure IPS to send shun request to a FWSM module?

On IME there are only three device type to configure shun request

1 PIX /ASA

2. Cat6K

3. Cisco Router

Regards

Dileep

Panos Kampanakis · ‎11-06-2009

You can use PIX/ASA and do the shun on an FWSM. The command has the same syntax on both units.

I hope it helps.

PK

Dileep Sivadas Padmini · ‎11-06-2009

I have used the PIX/ASA type.

At that time FWSM logs revealed that IPS has initiated a SSH session to FWSM , but no shun is happening.

verified it by " show shun" command.

Here FWSM is configured in transparent mode having two BVI group.

And both IPS and FWSM BVI IPs are in same management VLAN.

Is any special configuration is required in transparent mode configuration?

i will post the detail logs in FWSM on coming Monday.

thanks

Dileep

Dileep Sivadas Padmini · ‎11-09-2009

Issue solved ,after adding FWSM ssh key to IPS (known host keys)

If you do not add, you will get a syslog message like this.

"SSH session from on interface for user "" disconnected by SSH server, reason: "TCP connection closed" (0x03)"

thanks

Dileep