IDS with Pix 515E

We have a UR license, does this include the IDS module? When I look at the policy to interface mappings it shows none and does not give options. Missing something? Thanks.

2 REPLIES

Re: IDS with Pix 515E

The PIX family does not have any IDS/IPS module. It comes as a fraction of IDS embedded in the PIX software. In the Cisco firewall series, only the ASA has the IPS/SSM module.

The PIX IDS inspection/signature feature is limited to fewer than 60 well-known signatures.

You can activate this feature using the "ip audit" command, where you can create an IDS info function (assign a name) to scan/detect incoming intrusion attempts by creating an alarm, and a function to detect traffic matching the intrusion signatures by dropping/resetting the connection.

PIX(config)#ip audit name SCAN info action alarm

PIX(config)#ip audit name BLOCK attack action drop reset

PIX(config)#ip audit interface outside SCAN

PIX(config)#ip audit interface outside BLOCK

See the following URL and look under Table 9-7 Commands on how to create and apply the IDS feature in PIX:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172797.html#wp1097310

HTH

AK
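
The policy-to-interface mappings asked about in the question can also be checked offline from a saved configuration. The following is an added example, not part of the thread or any Cisco tooling: it parses the "ip audit" lines shown in the reply above (with or without the "action" keyword) and reports interfaces with no policy or with an attack policy that only alarms. It assumes PIX 6.x-style "nameif" lines; the sample configuration, the WATCH policy and the function names are constructed for illustration.

```python
import re

# Constructed sample of a PIX running-config (not taken from the thread).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip audit name SCAN info action alarm
ip audit name BLOCK attack action drop reset
ip audit name WATCH attack action alarm
ip audit interface outside SCAN
ip audit interface outside BLOCK
ip audit interface dmz WATCH
"""

NAMEIF = re.compile(r"^nameif\s+\S+\s+(\S+)\s+\S+")
POLICY = re.compile(r"^ip audit name (\S+) (info|attack)(?: action)?((?: (?:alarm|drop|reset))*)\s*$")
APPLY = re.compile(r"^ip audit interface (\S+) (\S+)\s*$")

def audit_mappings(config):
    """Return {interface: {"info": actions or None, "attack": actions or None}}."""
    policies, mappings = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := NAMEIF.match(line):
            mappings.setdefault(m.group(1), {"info": None, "attack": None})
        elif m := POLICY.match(line):
            policies[m.group(1)] = (m.group(2), set(m.group(3).split()))
        elif m := APPLY.match(line):
            ifname, name = m.groups()
            if name in policies:  # ignore references to undefined policies
                kind, actions = policies[name]
                mappings.setdefault(ifname, {"info": None, "attack": None})[kind] = actions
    return mappings

def findings(config):
    """List interfaces whose attack signatures are unmonitored or only alarmed."""
    out = []
    for ifname, pol in sorted(audit_mappings(config).items()):
        if pol["info"] is None and pol["attack"] is None:
            out.append((ifname, "no ip audit policy applied"))
        elif pol["attack"] is None:
            out.append((ifname, "no attack policy applied"))
        elif not pol["attack"] & {"drop", "reset"}:
            out.append((ifname, "attack policy alarms only"))
    return out

if __name__ == "__main__":
    for ifname, problem in findings(SAMPLE_CONFIG):
        print(f"{ifname}: {problem}")
```
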

Re: IDS with Pix 515E

BTW, the license upgrade from Restricted to UnRestricted is meant for the following (not for IDS/IPS):

- Maximum number of physical and virtual interfaces supported

- Maximum number of concurrent firewall and VPN connections supported

- Maximum amount of RAM included

- Maximum VPN performance via integrated hardware VPN acceleration (Cisco VPN Accelerator or Cisco VPN Accelerator+)

- Active/Active stateful failover support (requires similar Cisco PIX Security Appliance model with Failover-Active/Active license)

- Active/Standby stateful failover support (requires similar Cisco PIX Security Appliance model with Failover or Failover-Active/Active license)

- Security context support, with two security contexts included as part of the UR license

- GTP inspection* support, when a GTP Feature License is also installed on the system

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a00800b0d85.html
