Solved: Configure PIX 501 for IDS

joel-metz · ‎10-30-2002

I have a PIX 501 with a broadband connection to the outside and a home office LAN on the inside. What would be a solid IDS policy to activate and what interfaces should it be applied to? Will there be any other necessary steps to activate IDS?

gfullage · ‎10-30-2002

IDS on the PIX itself is very limited, it only checks for 59 signatures listed here (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#xtocid9 under the Supported IDS signatures section). The signatures themselves are the fairly basic ones.

If you do want to enable this, then for the attack signatures I'd set the action to alarm/drop/reset, which is default anyway.

You'll also want to set up logging to a syslog server and monitor it for any 4000nn syslog messages, cause these will be IDS events.

View solution in original post

gfullage · ‎10-30-2002

IDS on the PIX itself is very limited, it only checks for 59 signatures listed here (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#xtocid9 under the Supported IDS signatures section). The signatures themselves are the fairly basic ones.

If you do want to enable this, then for the attack signatures I'd set the action to alarm/drop/reset, which is default anyway.

You'll also want to set up logging to a syslog server and monitor it for any 4000nn syslog messages, cause these will be IDS events.