Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IDSM-2 email question

I have a 6500 with an IDSM-2.  I'm getting request for email notification on certain signature hits and need to know if it's possible before spending a lot of time configuring.. Thanks in advance for any replies...

Here's the scenairo:

I currently have the IDSM-2 inline on the outside of our network.... 

Internet ---> Router----> IDSM-2---FWSM---> Router ---->internal network

I know this is not the conventional way to use (by cisco's TAC eng), but it works in this solution.  I have multiple PAT addresses on the FWSM. If one is blocked by the IDSM-2 they'd like to get a notification. That would mean something inside is generating suspicious traffic outbound. They have internal systems that check this as well but they'd like an email just for the PATs only...

All other blocks will go to through the normal notification processes....

  • Intrusion Prevention Systems/IDS
2 REPLIES
Gold

IDSM-2 email question

There isn't an option for Emailing alerts from the IPS Sensors (including the IDSM).

You can configure all your blocking signatures to generate an SNMP Trap and have your SMNP Receiver alert you to the event.

_ bob

IDSM-2 email question

Yes there is no Emailing option in IPS. You have to configure the SNMP trap for the same.

955
Views
0
Helpful
2
Replies