Community Member

IPS4260 shunning on FWSM multiple-context

Hello,

I have an IPS-4260 in promiscuous mode, "IDS mode". I have to configure it to use an FWSM as a blocking device, but I am not really sure about how to do it because I'm using multiple-context mode on the FWSM. I only want to shun traffic in one context (this is not the admin context).

When I configure the blocking devices in the IPS, should I configure the context as if it were a standalone firewall? Meaning that the IP address configured there would be an IP address to log in directly into that context? Therefore, the IPS should have IP connectivity to that context in order to log in to it, right?

Thanks in advance for your help.

2 REPLIES

Re: IPS4260 shunning on FWSM multiple-context

Yes, the IPS will log in to the FWSM just like a normal user. If you are using telnet:

telnet sensor-ip /32 interface

If you are using SSH:

ssh sensor-ip /32 interface

Also, with SSH there is an additional step: make sure the ASA is in the IPS's SSH Trusted Hosts/Keys.

Regards

Farrukh

Cisco Employee

Re: IPS4260 shunning on FWSM multiple-context

You are correct.

From the sensor standpoint you will treat each FWSM context as a unique firewall with its own IP address unique to that context.

Understand that the IPS will send the same shun commands to every firewall (or every context) that is being managed.

So in your case the sensor will send all shuns to your firewall context even though some of the traffic being monitored may have come from other firewall contexts. You cannot designate which addresses to shun on which firewall/context.
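As an added illustration of the behaviour described in the two replies (not code from the thread or from Cisco), a small Python model of the sensor's blocking fan-out: each context is a separate blocking device with its own management IP, the sensor must be permitted by that context's telnet/ssh access line (and, for SSH, a trusted host key), and one shun is pushed to every managed context regardless of where the traffic was seen. All context names, addresses and key identifiers are constructed.

```python
"""Toy model of IPS shun fan-out against a multiple-context FWSM.
Constructed example, not Cisco code. It mirrors the thread: each context is
a separate blocking device with its own management IP, the sensor needs a
telnet/ssh access line in that context (and, for SSH, a trusted host key),
and every shun goes to every managed context regardless of source."""
from dataclasses import dataclass, field

SENSOR_IP = "192.0.2.10"  # constructed sensor management address


@dataclass
class FwsmContext:
    name: str
    mgmt_ip: str                                   # IP the sensor logs in to
    ssh_hosts: set = field(default_factory=set)    # hosts from 'ssh <ip> ...'
    telnet_hosts: set = field(default_factory=set) # hosts from 'telnet <ip> ...'
    ssh_key: str = ""                              # constructed key identifier
    shun_table: set = field(default_factory=set)   # addresses currently shunned

    def login_problem(self, sensor_ip, proto, trusted_keys):
        """Return None if the sensor can open a session here, else the reason."""
        if proto == "ssh":
            if sensor_ip not in self.ssh_hosts:
                return "no 'ssh %s' line in context" % sensor_ip
            if self.ssh_key not in trusted_keys:
                return "context SSH key not in sensor trusted hosts"
            return None
        if sensor_ip not in self.telnet_hosts:
            return "no 'telnet %s' line in context" % sensor_ip
        return None


def issue_shun(attacker_ip, blocking_devices, proto, trusted_keys):
    """Push 'shun <ip>' to every blocking device, as the IPS does; returns
    {context_name: 'shunned' | 'not shunned: <reason>'} for the operator."""
    results = {}
    for ctx in blocking_devices:
        problem = ctx.login_problem(SENSOR_IP, proto, trusted_keys)
        if problem:
            results[ctx.name] = "not shunned: " + problem
        else:
            ctx.shun_table.add(attacker_ip)
            results[ctx.name] = "shunned"
    return results


def demo():
    """Constructed scenario: two customer contexts, only one key trusted."""
    ctx_a = FwsmContext("cust-a", "203.0.113.1", ssh_hosts={SENSOR_IP}, ssh_key="key-a")
    ctx_b = FwsmContext("cust-b", "203.0.113.2", ssh_hosts={SENSOR_IP}, ssh_key="key-b")
    # Attack seen behind cust-a; the sensor still tries to shun it in cust-b too.
    return issue_shun("198.51.100.7", [ctx_a, ctx_b], "ssh", {"key-a"}), ctx_a, ctx_b
```

The per-context result dictionary is the check worth keeping: a context that reports "not shunned" is one the sensor could not log in to, so the block silently never took effect there.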
