When setting up the IDS it asks for a pre-block and a post-block ACL. I currently have an ACL on my interface; this will be my post-block ACL (correct?). I also have two interfaces in my router; I assume I will add two interfaces to the IDS? Thanks, H
WRT the pre-block ACL, you are correct. Your current production ACL name would be used so that the sensor reapplies it after a shun has been completed.
WRT adding two interfaces to your IDS, it will depend on how and what you want to shun. If you simply want to block troublesome IP addresses from the Internet, setting up incoming shunning on the interface that connects to the Internet will do the trick. If your desire is to prevent users / systems on your network from doing nasty things to anything connected to the other side of the router, then a similar configuration on this interface is appropriate. IMHO, the only time you'd use both interfaces is if you're trying to shun a very specific activity from going through the router (say, for example, telnet usage).
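The reply above turns on where the production ACL sits relative to the entries the sensor adds. The following is an added illustration, not code from the original thread or from Cisco: it models the ACL the sensor writes to the router as pre-block entries, then one deny per shunned host, then post-block entries, and evaluates it first-match with the implicit deny at the end, the way an IOS ACL is evaluated. The ACL name, addresses and entries are all constructed for the example, and the `IDS_Serial0_in_0` name is only an assumed sensor-style name.

```python
# Added illustration: how a sensor-managed blocking ACL is composed from the
# pre-block ACL, the shun entries and the post-block ACL, and why placement of
# the production ACL matters under first-match evaluation.
# Example code, not Cisco's; all names, addresses and entries are made up.
import ipaddress
from typing import List, Tuple

# An access-control entry is (action, source_prefix); "any" matches everything.
ACE = Tuple[str, str]


def ace_matches(src: str, ace: ACE) -> bool:
    """True if the source address falls inside the entry's source prefix."""
    _action, prefix = ace
    if prefix == "any":
        return True
    return ipaddress.ip_address(src) in ipaddress.ip_network(prefix, strict=False)


def evaluate(acl: List[ACE], src: str) -> str:
    """First-match evaluation with the implicit deny at the end, as IOS does."""
    for ace in acl:
        if ace_matches(src, ace):
            return ace[0]
    return "deny"


def build_blocking_acl(pre_block: List[ACE], shunned: List[str],
                       post_block: List[ACE]) -> List[ACE]:
    """Model of what the sensor pushes to the router: pre-block entries first,
    then a host deny per shunned address, then the post-block entries."""
    shun_entries: List[ACE] = [("deny", f"{host}/32") for host in shunned]
    return list(pre_block) + shun_entries + list(post_block)


# Constructed production ACL for the Internet-facing serial interface.
PRODUCTION_ACL: List[ACE] = [
    ("permit", "198.51.100.0/24"),  # a partner network that is normally allowed in
    ("permit", "any"),              # everything else in
]
# Constructed shun: a host inside that partner network misbehaves.
SHUNNED = ["198.51.100.7"]


def decision_with_production_as_post_block() -> str:
    """Production ACL after the shun entries: the shun is hit first."""
    acl = build_blocking_acl([], SHUNNED, PRODUCTION_ACL)
    return evaluate(acl, "198.51.100.7")  # -> "deny"


def decision_with_production_as_pre_block() -> str:
    """Production ACL before the shun entries: its permit matches first and
    the shun never gets a chance to fire."""
    acl = build_blocking_acl(PRODUCTION_ACL, SHUNNED, [])
    return evaluate(acl, "198.51.100.7")  # -> "permit"


def render(acl: List[ACE], name: str) -> str:
    """Render the modelled ACL in IOS extended-ACL syntax for inspection."""
    lines = [f"ip access-list extended {name}"]
    for action, prefix in acl:
        if prefix == "any":
            lines.append(f" {action} ip any any")
            continue
        net = ipaddress.ip_network(prefix, strict=False)
        if net.prefixlen == 32:
            lines.append(f" {action} ip host {net.network_address} any")
        else:
            lines.append(f" {action} ip {net.network_address} {net.hostmask} any")
    return "\n".join(lines)


if __name__ == "__main__":
    # "IDS_Serial0_in_0" is an assumed sensor-style ACL name, not a verified one.
    print(render(build_blocking_acl([], SHUNNED, PRODUCTION_ACL), "IDS_Serial0_in_0"))
    print("production as post-block:", decision_with_production_as_post_block())
    print("production as pre-block: ", decision_with_production_as_pre_block())
```

The point for the two-serial-interface case is the same on each interface: whichever ACL the sensor is told to place before its own deny entries is evaluated first, so only entries that must never be blocked belong there, and the rest of the production policy goes after the shun entries.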
Sorry, what I meant to say was that I have 2 serial interfaces and 1 ethernet interface. I want to apply the blocking to both serial interfaces; currently I have two ACLs (one for each). So I will need to set up two more on my router as well as on the IDS. Thanks, H