I use an IDSM and I've been trying to get the blocking feature to work for some time now. The sensor is running only in promiscuous mode, and my goal is to use our FWSM or the Cisco 7301 Internet-facing router to block off attacks; however, I cannot get either option to work.
When trying to block using the 7301 I get:
"Unable to execute a host block [xxx.xxx.xxx.xxx] on [xxx.xxx.xxx.xx] because no blocking interfaces are configured name=errSystemError"
My IDSM configuration for the device is:
Type = Cisco
IP = xxx.xxx.xxx.xxx
NATAddr = 0.0.0.0
Communications = ssh-3des
ResponseCapabilities = block|rateLimit
InterfaceName = GigabitEthernet0/2
InterfaceDirection = in
InterfacePreBlock = 100
InterfacePostBlock = 110
When trying the FWSM I get:
errorMessage: firewall [xxx.xxx.xxx.xxx] can not perform this connection block : src ip [Public attacker IP] src port  dest addr [masqueraded internal IP] dest port . name=errSystemError
The special issue with the IDSM-FWSM is that I use VLAN capture to gather an entire VLAN transporting unencrypted data between our Co-Lo sites; my guess is that the IDSM or the FWSM cannot understand which interface should be used with the shun.
Two different errors giving me the same problem: no blocking option. Anyone have any ideas?
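As an added illustration (not part of the post and not a Cisco tool), the script below parses a blocking-device entry in the same "Key = Value" shape as the one quoted above and classifies the two error messages into structured findings, so that a configuration review can be repeated after every change instead of reading the sensor log by eye. The checks encode assumptions, not facts from the post: that a router host block needs an interface name and an in/out direction, that numbered pre/post-block ACLs should fall in the extended ranges (100-199 or 2000-2699), and that a connection block that reaches the firewall without source and destination ports is the thing to look at in the FWSM message. The sample configuration and error strings are constructed from the post's text, placeholders included.

```python
"""Sanity checks for an IDSM/IPS blocking-device entry and its error output.

Added example, not a Cisco utility. Field names mirror the post; the
validation rules are assumptions documented on each check.
"""

import ipaddress
import re

# Constructed from the configuration quoted in the post (placeholders kept).
SAMPLE_CONFIG = """\
Type = Cisco
IP = xxx.xxx.xxx.xxx
NATAddr = 0.0.0.0
Communications = ssh-3des
ResponseCapabilities = block|rateLimit
InterfaceName = GigabitEthernet0/2
InterfaceDirection = in
InterfacePreBlock = 100
InterfacePostBlock = 110
"""

# Constructed copies of the two error messages in the post.
ROUTER_ERROR = ("Unable to execute a host block [xxx.xxx.xxx.xxx] on [xxx.xxx.xxx.xx] "
                "because no blocking interfaces are configured name=errSystemError")
FWSM_ERROR = ("errorMessage: firewall [xxx.xxx.xxx.xxx] can not perform this connection "
              "block : src ip [Public attacker IP] src port  dest addr [masqueraded "
              "internal IP] dest port . name=errSystemError")


def parse_blocking_device(text):
    """Parse 'Key = Value' lines into a dict; ResponseCapabilities becomes a set."""
    cfg = {}
    for line in text.splitlines():
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    if "ResponseCapabilities" in cfg:
        cfg["ResponseCapabilities"] = set(cfg["ResponseCapabilities"].split("|"))
    return cfg


def check_router_device(cfg):
    """Return a list of findings for a router blocking-device entry.

    Assumptions: the sensor applies a host block as an ACL on one interface
    and direction, so the entry needs InterfaceName, a direction of 'in' or
    'out', and numeric pre/post-block ACLs in the extended ranges.
    """
    findings = []
    if "block" not in cfg.get("ResponseCapabilities", set()):
        findings.append("ResponseCapabilities does not include 'block'")
    if not cfg.get("InterfaceName"):
        findings.append("no blocking interface configured")
    if cfg.get("InterfaceDirection") not in ("in", "out"):
        findings.append("InterfaceDirection must be 'in' or 'out'")
    for key in ("InterfacePreBlock", "InterfacePostBlock"):
        value = cfg.get(key, "")
        if value.isdigit() and not (100 <= int(value) <= 199 or 2000 <= int(value) <= 2699):
            findings.append(f"{key}={value} is not an extended ACL number")
    try:
        ipaddress.ip_address(cfg.get("IP", ""))
    except ValueError:
        findings.append("IP is not a valid address")
    return findings


def parse_arc_error(message):
    """Classify the two error shapes quoted in the post into a dict.

    For a connection block the source/destination ports are extracted; if
    either is empty (as in the FWSM message) the cause is 'missing-ports'.
    """
    if "no blocking interfaces are configured" in message:
        return {"kind": "host-block", "cause": "no-blocking-interfaces"}
    m = re.search(r"src ip \[(?P<src>[^\]]*)\] src port\s*(?P<sport>\d*)\s*"
                  r"dest addr \[(?P<dst>[^\]]*)\] dest port\s*(?P<dport>\d*)", message)
    if m:
        complete = bool(m["sport"] and m["dport"])
        return {"kind": "connection-block", "src": m["src"], "dst": m["dst"],
                "sport": m["sport"] or None, "dport": m["dport"] or None,
                "cause": "firewall-rejected" if complete else "missing-ports"}
    return {"kind": "unknown", "cause": None}


if __name__ == "__main__":
    device = parse_blocking_device(SAMPLE_CONFIG)
    print("config findings:", check_router_device(device) or "none")
    for err in (ROUTER_ERROR, FWSM_ERROR):
        print(parse_arc_error(err))
```

Run against the quoted entry, the only finding is the placeholder IP; the interface, direction and ACL numbers pass, which is exactly why the router's "no blocking interfaces are configured" message is worth a second look at which device entry the sensor is actually using. The FWSM message parses with both ports empty, so the script reports `missing-ports` rather than a firewall refusal.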