Cisco Support Community

New Member

IPS 4240 6.1(1)E2 failing the shun command to a 7.2(4) PIX

Command per the event store: "no shut (outside)" failing at keyword outside, which within the CLI, doesn't work. Keyword outside not within the command.

4 REPLIES
Gold

Re: IPS 4240 6.1(1)E2 failing the shun command to a 7.2(4) PIX

There are a few possible causes to your problem. One may be the PIX username may not have permission to issue a shun.

To really see what is happening between the sensor and the PIX, have the sensor log into the PIX via telnet. Use Ethereal/Wireshark to capture the session on the wire and then use the "rebuild session" feature in Ethereal/Wireshark. This will show you exactly where things are going wrong.

New Member

Re: IPS 4240 6.1(1)E2 failing the shun command to a 7.2(4) PIX

Actually found the answer by testing. Turns out, when I upgraded the IPS, there was an existing SHUN on the PIX. Once it was upgraded, it could not remove it and I believe that was the source of the errors. Only a hypothesis, but at this point, there may have been some change in method for posting and removing shuns. I removed the existing shun manually and all is now well.

Gold

Re: IPS 4240 6.1(1)E2 failing the shun command to a 7.2(4) PIX

When you use a sensor to issue shuns on a firewall, the sensor thinks it "owns" all the shuns on the firewall, regardless of how they were originally entered (manually or by an IDS). When a sensor reboots (or the shun process restarts) the sensor will attempt to clear all existing shuns on the firewall. This has caused some problems when there have been manually entered shuns on the firewall. If you use more than one sensor, it's important to make one the Master Block Sensor to prevent shun contention.

Cisco Employee

Re: IPS 4240 6.1(1)E2 failing the shun command to a 7.2(4) PIX

This is a known bug: CSCsq22506

Until it is fixed, the workaround is:

clear all the shuns on PIX/firewall/FWSM before sensor connect/reconnect to the device.
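The two replies above describe the same operational risk: the sensor treats every shun on the firewall as its own, so any manually entered shun is at risk of being cleared (or of breaking the reconnect) when the sensor restarts. The script below is an added example, not part of this thread and not Cisco's code. It parses a constructed `show shun`-style listing (the line layout `shun (<interface>) <src> <dst> <sport> <dport>` is an assumption, as are the addresses) and compares it against the list of blocks the sensor itself issued, so an operator can see which entries were added by hand and deal with them before reconnecting the sensor, which is the workaround the last reply recommends.

```python
"""Audit firewall shun entries against the blocks a sensor issued.

Added example for this thread, not Cisco's code. The "show shun" line
layout matched below is an assumption, and all sample data is constructed.
"""
import re
from dataclasses import dataclass

# Assumed line shape: "shun (<interface>) <src> <dst> <sport> <dport>";
# only the interface and the shunned source address are used here.
SHUN_RE = re.compile(r"^shun \((?P<iface>[^)]+)\) (?P<src>\d{1,3}(?:\.\d{1,3}){3})\b")


@dataclass(frozen=True)
class Shun:
    iface: str
    src: str


def parse_show_shun(text: str) -> list[Shun]:
    """Extract (interface, source IP) pairs from a shun listing."""
    shuns = []
    for line in text.splitlines():
        m = SHUN_RE.match(line.strip())
        if m:
            shuns.append(Shun(m.group("iface"), m.group("src")))
    return shuns


def reconcile(firewall_shuns: list[Shun], sensor_blocks: set[str]):
    """Split firewall shuns into those the sensor issued and those it did not.

    Anything in the second list was entered some other way (for example by
    hand) and is exactly what a sensor restart would try to clear.
    """
    owned = [s for s in firewall_shuns if s.src in sensor_blocks]
    manual = [s for s in firewall_shuns if s.src not in sensor_blocks]
    return owned, manual


# Constructed sample listing and sensor block table (RFC 5737 test addresses).
SAMPLE_SHOW_SHUN = """\
shun (outside) 192.0.2.10 0.0.0.0 0 0
shun (outside) 198.51.100.7 0.0.0.0 0 0
shun (dmz) 203.0.113.5 0.0.0.0 0 0
"""
SAMPLE_SENSOR_BLOCKS = {"192.0.2.10"}


def audit(show_shun_text: str = SAMPLE_SHOW_SHUN,
          sensor_blocks: set[str] = SAMPLE_SENSOR_BLOCKS) -> dict:
    """Return sensor-owned sources and manually entered (iface, src) pairs."""
    owned, manual = reconcile(parse_show_shun(show_shun_text), sensor_blocks)
    return {
        "owned": [s.src for s in owned],
        "manual": [(s.iface, s.src) for s in manual],
    }


if __name__ == "__main__":
    report = audit()
    print("Sensor-owned shuns:", report["owned"])
    for iface, src in report["manual"]:
        print(f"Manually entered shun on {iface}: {src} (review before sensor reconnect)")
```

Feed it the real listing from your firewall and the sensor's own block list; the "manual" entries are the ones to remove or re-enter through the sensor before it reconnects, so the sensor is not left trying to clear entries it never created.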
