Cisco Support Community
New Member

Configuring IDS-4210 to shun on a 2610.

When setting up the IDS it asks for a pre-block and a post-block ACL. I currently have an ACL on my interface; this will be my post-block ACL (correct?). I also have two interfaces in my router; I assume I will add two interfaces to the IDS? Thanks, H

2 REPLIES
Bronze

Re: Configuring IDS-4210 to shun on a 2610.

WRT the pre-block ACL, you are correct. Your current production ACL name would be used so that the sensor reapplies it after a shun has been completed.

WRT adding two interfaces to your IDS, it will depend on how and what you want to shun. If you simply want to block troublesome IP addresses from the Internet, setting up incoming shunning on the interface that connects to the Internet will do the trick. If your desire is to prevent users / systems on your network from doing nasty things to anything connected to the other side of the router, then a similar configuration on this interface is appropriate. IMHO, the only time you'd use both interfaces is if you're trying to shun a very specific activity from going through the router (say, for example, telnet usage).

I hope this helps,

Alex

New Member

Re: Configuring IDS-4210 to shun on a 2610.

Sorry, what I meant to say was that I have 2 serial interfaces and 1 ethernet interface. I want to apply the blocking to both serial interfaces; currently I have two ACLs (one for each). So I will need to set up two more on my router as well as on the IDS. Thanks, H
