Cisco Support Community

New Member

Configure PIX 501 for IDS

I have a PIX 501 with a broadband connection to the outside and a home office LAN on the inside. What would be a solid IDS policy to activate and what interfaces should it be applied to? Will there be any other necessary steps to activate IDS?


Accepted Solutions
Cisco Employee

Re: Configure PIX 501 for IDS

IDS on the PIX itself is very limited; it only checks for 59 signatures listed here (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#xtocid9 under the Supported IDS signatures section). The signatures themselves are fairly basic ones.

If you do want to enable this, then for the attack signatures I'd set the action to alarm/drop/reset, which is the default anyway.

You'll also want to set up logging to a syslog server and monitor it for any 4000nn syslog messages, because these will be IDS events.
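The syslog monitoring suggested in the answer above, as an added example that is not part of the original thread and is not Cisco code: a small Python filter that picks the 4000nn IDS events out of a syslog file and counts them per source and signature. The message layout in the comment is an assumption about how the events arrive at the syslog server, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed layout of a PIX IDS event as received by the syslog server:
#   %PIX-4-4000nn: IDS:<signature id> <signature text> from <src> to <dst> on interface <name>
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
IDS_EVENT = re.compile(
    r"%PIX-4-(?P<msg_id>4000\d{2}):?\s+IDS:(?P<sig>\d+)\s+(?P<text>.+?)\s+"
    rf"from\s+(?P<src>{IPV4})\s+to\s+(?P<dst>{IPV4})\s+on\s+interface\s+(?P<iface>\S+)"
)

# Constructed sample lines using documentation address ranges; the signature
# ids and texts are illustrative and were not captured from a real device.
SAMPLE_LOG = """\
Mar 01 10:15:02 192.0.2.1 %PIX-4-400013: IDS:2003 ICMP redirect from 198.51.100.7 to 203.0.113.10 on interface outside
Mar 01 10:15:03 192.0.2.1 %PIX-6-302013: Built outbound TCP connection 101 for outside:203.0.113.80/80
Mar 01 10:15:09 192.0.2.1 %PIX-4-400013: IDS:2003 ICMP redirect from 198.51.100.7 to 203.0.113.10 on interface outside
Mar 01 10:16:40 192.0.2.1 %PIX-4-400025: IDS:2154 ICMP ping of death from 198.51.100.99 to 203.0.113.10 on interface outside
Mar 01 10:17:00 192.0.2.1 %PIX-4-4000: truncated line
"""


def parse_ids_events(lines):
    """Return one dict per line that is a 4000nn IDS event; skip everything else."""
    events = []
    for line in lines:
        match = IDS_EVENT.search(line)
        if match:
            event = match.groupdict()
            event["sig"] = int(event["sig"])
            events.append(event)
    return events


def summarize(events):
    """Count events per (source address, signature id) so repeated sources stand out."""
    return Counter((e["src"], e["sig"]) for e in events)


if __name__ == "__main__":
    found = parse_ids_events(SAMPLE_LOG.splitlines())
    for (src, sig), count in summarize(found).most_common():
        print(f"{src} signature {sig}: {count} event(s)")
```
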

