
Can the IPS send block messages to the router?

Hi All!

I was told by an engineer that the IPS sensor can be configured to configure a timed ACL on a router based on IPS alerts it receives (to block a specific IP address for example). Is this true? I did a search but as you can imagine all the results that are returned are for configuring IPS on the router (IOS IPS).

Can anyone point me to a document or somewhere I can get more info?

Thanks much!

Regards,

Xavier

Accepted Solutions

Xavier -

You were told correctly: Cisco IPS Sensors can create a temporary ACL in Cisco IOS routers and Cisco PIX/ASA Firewalls. The feature you are looking for is called "Shunning" or "Blocking".

You need to enable shunning for the signatures you wish to shun, and configure the IPS sensor with the necessary credentials, interface and direction on the router where you want the ACL to appear.

Here is a CLI configuration example:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a0080afe111.shtml

And here is an IME configuration example:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a00801c0e3c.shtml

- Bob

Exactly what I needed! Thanks