Cisco Support Community
Cisco Employee

IDSM with IPS5.1 "blocking"?

IDSM2 with IPS5.1 (on cat65K sup 720 IOS 12.2SXF) will support "Inline" mode. But does it support "blocking" as well?

CCO document says "Supervisor 720 with Cisco IOS supports VACL deny statements; however, IDSM-2 cannot block with Cisco IOS-style VACLs."

Here VACL deny means "not consider to monitor that particular VLAN or IP address", right? OR is it like totally blocking the user traffic? Or blocking the connection from the respective host/connection/IP?

Cisco Employee

Re: IDSM with IPS5.1 "blocking"?

Hi Rajan,

All sensors can block on supported network devices regardless of whether the sensor is configured as inline. In the case where an IDSM2 is installed on a Catalyst switch running IOS, and the user wants the sensor to block on the switch, the blocking device should be specified as a router. The sensor will block with ACLs, not VACLs. Blocks can either be unconditional (denying all packets from the attacker) or connection oriented.

One point to keep in mind is that a sensor in inline mode can also perform inline deny actions like "deny packet inline", "deny attacker inline", etc. These deny actions are unrelated to the sensor blocking

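To make the distinction in the reply above concrete, here is an added example (not code from the original thread, and not Cisco's own implementation) that models the two block types as IOS-style extended ACL entries on the router that acts as the blocking device: an unconditional block denies every packet from the attacker, while a connection-oriented block denies only one attacker/victim/protocol/port tuple. The ACL names, addresses and packets are constructed for illustration; the matching logic follows ordinary IOS ACL semantics (first match wins, implicit deny at the end, so a trailing permit is needed to keep other traffic flowing).

```python
"""Constructed model of sensor-driven blocking with IOS ACLs.

Added example; not from the original post or from Cisco. Addresses,
ACL name and sample packets are made up for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "ip"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Ace:
    """One access-control entry of an IOS extended ACL."""
    action: str                # "permit" or "deny"
    proto: str                 # "ip" matches any protocol
    src: str                   # CIDR notation
    dst: str                   # CIDR notation
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True

    def to_ios(self) -> str:
        port = f" eq {self.dport}" if self.dport is not None else ""
        return f"{self.action} {self.proto} {_addr(self.src)} {_addr(self.dst)}{port}"


def _addr(cidr: str) -> str:
    """Render a CIDR prefix the way IOS ACLs spell it (host / any / wildcard)."""
    net = ip_network(cidr)
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    if net.prefixlen == 0:
        return "any"
    return f"{net.network_address} {net.hostmask}"


def unconditional_block(attacker: str) -> Ace:
    """Deny all packets from the attacker, whatever the destination."""
    return Ace("deny", "ip", f"{attacker}/32", "0.0.0.0/0")


def connection_block(attacker: str, victim: str, proto: str, dport: int) -> Ace:
    """Deny only the one connection the sensor saw the attack on."""
    return Ace("deny", proto, f"{attacker}/32", f"{victim}/32", dport)


def build_acl(blocks: List[Ace]) -> List[Ace]:
    # Deny entries first, then a permit so that the implicit deny-all at the
    # end of every IOS ACL does not drop the rest of the traffic.
    return list(blocks) + [Ace("permit", "ip", "0.0.0.0/0", "0.0.0.0/0")]


def evaluate(acl: List[Ace], pkt: Packet) -> str:
    """First-match evaluation; unmatched packets hit the implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


def render(acl: List[Ace], name: str = "IPS_BLOCK") -> List[str]:
    """Produce the IOS configuration lines for the ACL (name is constructed)."""
    return [f"ip access-list extended {name}"] + [" " + ace.to_ios() for ace in acl]


if __name__ == "__main__":
    acl = build_acl([
        unconditional_block("10.1.1.5"),
        connection_block("10.1.1.6", "192.0.2.10", "tcp", 80),
    ])
    print("\n".join(render(acl)))
    for pkt in (Packet("10.1.1.5", "192.0.2.20", "udp", 53),
                Packet("10.1.1.6", "192.0.2.10", "tcp", 80),
                Packet("10.1.1.6", "192.0.2.10", "tcp", 443)):
        print(pkt, "->", evaluate(acl, pkt))
```

Running the block prints the rendered ACL and shows that the unconditionally blocked host is denied on every protocol and destination, while the connection-blocked host is denied only on the one tuple and permitted elsewhere. The inline deny actions mentioned in the reply ("deny packet inline" and friends) happen on the sensor's own data path and never appear in such an ACL, which is why the reply treats them as unrelated to blocking.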
Cisco Employee

Re: IDSM with IPS5.1 "blocking"?

Hi Sean,

Thanks for your valuable info. Now the IDSM can block on the cat6k after selecting the blocking device as Router (initially I had selected cat6K). I need to test the same with inline pairs after some time.
