I am trying to use "Block ACLs" with IDS on a Cisco router. After the required configuration, I can see the IDS sensor logged into the router, but no pre-block ACL gets configured. Thus, no blocking occurs after the signature hit either.
There are no pre-configured ACLs on the router. The IDS sensor logs in to the router using a local username/password and an enable password.
Is there any troubleshooting that I can do to find the fix for this?
You didn't mention what version of IDS/IPS software you're running. There could be an issue with the pager in the command output when the IDS logs into the router. If the router inserts a 'More' prompt into a 'show running' or 'show config' response in the middle of an interface block, the IDS may be unable to recognize the interface correctly.
As a workaround you can probably turn off paging on the router (i.e., term length 0).
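To make the failure mode in the reply above concrete, here is an added example (not from the original thread, the answerer, or Cisco's sensor code) that parses interface blocks out of captured `show running-config` output the way a management tool would. Both captures are constructed; the ACL name `IDS_FastEthernet0/0_in_0`, the addresses, and the exact backspace sequence the pager emits are assumptions for illustration. The paged capture has a ` --More-- ` prompt erased over the line that carries the `ip access-group` statement, so the naive block walker never sees the ACL on FastEthernet0/0; the same configuration captured after `terminal length 0` parses cleanly. A `strip_pager` helper is included as a defensive check for a capture you already have, but the fix the reply suggests, disabling paging on the router, is the right one.

```python
import re

# Constructed sample: 'show running-config' captured from a router with
# paging enabled. The pager printed ' --More-- ' inside the FastEthernet0/0
# block, then erased it with backspaces/spaces when the reader pressed space,
# leaving the next config line on the same row (assumed erase sequence).
PAGED_OUTPUT = (
    "Building configuration...\n"
    "!\n"
    "interface FastEthernet0/0\n"
    " ip address 192.0.2.1 255.255.255.0\n"
    " --More-- " + "\x08" * 10 + " " * 10 + "\x08" * 10
    + " ip access-group IDS_FastEthernet0/0_in_0 in\n"
    "!\n"
    "interface FastEthernet0/1\n"
    " ip address 198.51.100.1 255.255.255.0\n"
    "!\n"
    "end\n"
)

# Same constructed configuration, captured after 'terminal length 0'.
UNPAGED_OUTPUT = (
    "Building configuration...\n"
    "!\n"
    "interface FastEthernet0/0\n"
    " ip address 192.0.2.1 255.255.255.0\n"
    " ip access-group IDS_FastEthernet0/0_in_0 in\n"
    "!\n"
    "interface FastEthernet0/1\n"
    " ip address 198.51.100.1 255.255.255.0\n"
    "!\n"
    "end\n"
)

INTERFACE_RE = re.compile(r"^interface (\S+)$")
ACL_RE = re.compile(r"^ ip access-group (\S+) (in|out)$")
# ' --More-- ' followed by the optional backspace/space/backspace erase run.
PAGER_RE = re.compile(r" --More-- (?:\x08+ +\x08+)?")


def parse_interfaces(text):
    """Map each interface name to {direction: acl_name} for applied ACLs.

    Mirrors how a management tool walks IOS output: an 'interface X' line
    opens a block, indented lines belong to it, anything else closes it.
    A pager prompt spliced into the block is indented too, so it is swallowed
    as a config line that matches nothing, and the real statement is lost.
    """
    result = {}
    current = None
    for line in text.splitlines():
        m = INTERFACE_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = {}
            continue
        if current is None or not line.startswith(" "):
            current = None
            continue
        m = ACL_RE.match(line)
        if m:
            result[current][m.group(2)] = m.group(1)
    return result


def strip_pager(text):
    """Remove pager prompts and their erase sequence from a capture.

    Defensive only: it repairs a capture you already hold. The fix is to
    disable paging on the router before collecting the output.
    """
    return PAGER_RE.sub("", text)


def interfaces_missing_acl(text, direction="in"):
    """Interfaces with no ACL in the given direction, i.e. where a sensor
    that relies on this parse would believe nothing is applied."""
    parsed = parse_interfaces(text)
    return sorted(name for name, acls in parsed.items() if direction not in acls)


if __name__ == "__main__":
    print("paged   :", parse_interfaces(PAGED_OUTPUT))
    print("unpaged :", parse_interfaces(UNPAGED_OUTPUT))
    print("repaired:", parse_interfaces(strip_pager(PAGED_OUTPUT)))
```

Run against a real capture, compare `interfaces_missing_acl` on the paged and unpaged output: if the set shrinks once paging is off, the pager was splitting the block and the sensor's view of the interface was wrong for the same reason.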