Cisco Support Community

New Member

Blocking a host by applying ACL in PIX through IDS 4230

Hi ,

I want the IDS to apply an ACL to the PIX when it detects an attack. I have tested this and found that CSPM (2.3.3i) says that it has applied the ACL and also shows in the event viewer that the IP address is blocked. But when I look at the access-list in the PIX there is no entry, and I am able to access everything even though CSPM says it is blocked.

I have tested the same functionality with a 2611 router and everything works fine, as the IDS and CSPM add an ACL to the router.

Do I need to upgrade any IOS to resolve this issue, or am I missing something?

The software version used during the testing was

sensor (4230) - 3.0(1)s4

PIX 535 - 6.0(1)

CSPM - 2.3.3i

Kind Regards /Thangavel

1 REPLY
New Member

Re: Blocking a host by applying ACL in PIX through IDS 4230

The PIX does not handle attacks in the same manner in which a router being used to block will. Whereas the router will apply an ACL, the PIX will use the "shun" command. There will be no ACL added on the PIX when it detects an attack.

All of the versions that you have listed will work for shunning on the PIX. I would suggest that you look closer at your configuration. Take a look at the link below. You can issue the "show shun" command on the PIX to see what is being shunned.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/pixrn601.htm#75046
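The check the reply recommends, as an added example that is not part of this thread or of any Cisco tool: parse the text of "show shun" and compare the shunned source addresses against the hosts the management console claims are blocked, so a mismatch like the one described above shows up directly. The line layout `shun (<interface>) <src> <dst> <sport> <dport> <protocol>` is assumed from the PIX 6.x command reference, and the sample output and addresses are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Assumed PIX 6.x "show shun" line layout (not quoted from the thread):
#   shun (<interface>) <src_ip> <dst_ip> <sport> <dport> <protocol>
SHUN_LINE = re.compile(
    r"^shun \((?P<iface>[^)]+)\) (?P<src>\d+\.\d+\.\d+\.\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+) (?P<sport>\d+) (?P<dport>\d+) (?P<proto>\d+)$"
)


@dataclass(frozen=True)
class ShunEntry:
    iface: str
    src: str
    dst: str
    sport: int
    dport: int
    proto: int


def parse_show_shun(output: str) -> List[ShunEntry]:
    """Turn the captured 'show shun' text into records; prompt and blank lines are skipped."""
    entries = []
    for line in output.splitlines():
        m = SHUN_LINE.match(line.strip())
        if m:
            entries.append(ShunEntry(m["iface"], m["src"], m["dst"],
                                     int(m["sport"]), int(m["dport"]), int(m["proto"])))
    return entries


def blocked_but_not_shunned(console_blocked: Set[str], show_shun_output: str) -> Set[str]:
    """Hosts the console reports as blocked whose source address the PIX is not shunning."""
    shunned = {e.src for e in parse_show_shun(show_shun_output)}
    return console_blocked - shunned


# Constructed sample capture; addresses come from documentation ranges, not real hosts.
SAMPLE_SHOW_SHUN = """\
pixfirewall# show shun
shun (outside) 192.0.2.27 0.0.0.0 0 0 0
shun (outside) 198.51.100.89 203.0.113.5 555 80 6
"""

if __name__ == "__main__":
    claimed = {"192.0.2.27", "198.51.100.89", "192.0.2.200"}
    print("blocked per console but absent from the PIX shun table:",
          sorted(blocked_but_not_shunned(claimed, SAMPLE_SHOW_SHUN)))
```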
