I'm trying to configure remote blocking on one router interface. I added: ‘device login profile’, ‘blocking device’ and ‘router blocking device interfaces’. I see the IPS established connection with the router:
Extended IP access list IDS_FastEthernet0/1_in_0
10 permit ip host 10.0.10.15 any
20 permit ip any any (311041 matches)
And then I tried ping/udp flood and no one from these attacks are seeing under Monitor->Events (I enabled ‘show attack response controller events’).
When the traffic is going through IPS everything is logged properly; the problem is only with remote device (ARC). Are there any requirements which I missed?
Rack1IPS# show statistics network-access
LogAllBlockEventsAndSensors = true
EnableNvramWrite = false
EnableAclLogging = false
AllowSensorBlock = false
BlockMaxEntries = 250
MaxDeviceInterfaces = 250
Type = Cisco
IP = 188.8.131.52
NATAddr = 0.0.0.0
Communications = telnet
ResponseCapabilities = block
InterfaceName = FastEthernet0/1
InterfaceDirection = in
InterfacePostBlock = POST-ACL
BlockEnable = true
IP = 184.108.40.206
AclSupport = uses Named ACLs
Version = 0
State = Inactive
I tried also with post-acl but the results is the same.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...