06-30-2003 05:13 AM - edited 02-21-2020 10:07 AM
Hello,
I have a PIX running version 6.3(1). The PIX is configured to use a CSACS 3.1 Server for AAA Authentication and Authorization over TACACS+. The sensor is running 4.0(2)Sig46.
Before adding AAA to the PIX, the sensor was able to connect and set up shuns correctly. Since adding the AAA configuration to the PIX, I've been unable to get the sensor to connect to the PIX for shunning.
I created a login/password with admin rights for the IDS Sensor to connect for creating shuns. I am able to manually authenticate and build shuns over both a Telnet and SSH connection using this login. I have tried deleting and re-adding the blocking device several times.
When I configure the PIX as a Telnet blocking device, I see the Net Device State as "initializing" when looking at the statistics in the IDM. When I configure the PIX as an SSH-DES blocking device, I see the state as "Inactive".
Please let me know if you have any suggestions - if not I guess I'll open a case with TAC. Thanks in advance for the assistance!
Regards,
Chad
06-30-2003 10:41 AM
Make sure your PIX basic access password and the TACACS+ password are the same.
This may not have found its way into the 4.0 documentation yet, but can be found here in the 3.1 docs (see step 4):
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13870_01.htm#13213
06-30-2003 12:54 PM
OK, I have tried this. I have also tried setting the TACACS user password and enable password to mirror the basic password and enable password on the PIX. I am still seeing the same "initializing" state when I check on the status through the IDM.
Do you have any other suggestions? I've tried the configuration through the IDS MC and more directly through the IDM. I see the same status regardless.
Thanks again,
Chad
06-30-2003 04:10 PM
Make sure the PIX is in the allowed host list. From the cli, type
config term
ssh host-key (ip of pix interface)
Verify that you have associated the pix with the correct logical device. The logical device record contains the username, password and enable password. Using IDM, it is selected from a pulldown list on the blocking devices page.
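To illustrate the mechanism behind this answer, here is an added example (not Cisco code, and not from anyone in this thread) of the SSH host-key allowlisting that the `ssh host-key` step feeds: an SSH client keeps a pinned list of host keys in the style of an OpenSSH known_hosts file, and a device whose address or key is not on that list never gets past the handshake, so no management session is ever opened. The host addresses, the key blobs and the "active"/"inactive" result labels are all constructed for the example and are only an approximation of how a sensor reports blocking-device state.

```python
"""Simplified model of SSH host-key pinning (added illustration, not Cisco code).

A management client (here standing in for an IDS sensor) only opens a session
to a blocking device whose SSH host key is already pinned for that address.
"""
import base64
import hashlib

# Constructed key blobs: in a real known_hosts file these are the base64
# encodings of the device's public key, not these placeholder bytes.
PIX_KEY = base64.b64encode(b"constructed-pix-host-key-blob").decode()
OTHER_KEY = base64.b64encode(b"constructed-rogue-or-rekeyed-blob").decode()

# Constructed allowed-host list in "host keytype base64key" form; 192.0.2.x
# is documentation address space and stands in for the PIX inside interface.
ALLOWED_HOSTS_TEXT = f"""
# allowed blocking devices (constructed)
192.0.2.1 ssh-rsa {PIX_KEY}
"""


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint of a base64 key blob, in OpenSSH's display form."""
    raw = base64.b64decode(key_b64)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_allowed_hosts(text: str) -> dict:
    """Map each host address to the set of (keytype, fingerprint) pinned for it."""
    allowed: dict = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed entry; ignore rather than trust it
        hosts, keytype, key_b64 = parts[0], parts[1], parts[2]
        for host in hosts.split(","):  # OpenSSH allows comma-separated aliases
            allowed.setdefault(host, set()).add((keytype, fingerprint(key_b64)))
    return allowed


def check_host_key(allowed: dict, host: str, keytype: str, key_b64: str) -> tuple:
    """Decide whether a session to `host` may proceed.

    Returns (state, reason). The state labels are constructed for this example:
    "active" only when the presented key is pinned for that exact address,
    otherwise "inactive" with the reason a defender would want logged.
    """
    presented = (keytype, fingerprint(key_b64))
    pinned = allowed.get(host)
    if pinned is None:
        return "inactive", f"{host} is not in the allowed host list; pin it first"
    if presented not in pinned:
        return "inactive", (f"host key for {host} does not match the pinned key "
                            f"(device re-keyed, or something else answers on that address)")
    return "active", f"host key {presented[1]} verified for {host}"


if __name__ == "__main__":
    allowed = parse_allowed_hosts(ALLOWED_HOSTS_TEXT)
    # Pinned device, matching key: the session proceeds.
    print(check_host_key(allowed, "192.0.2.1", "ssh-rsa", PIX_KEY))
    # Address never pinned: stays inactive, which is the symptom in this thread.
    print(check_host_key(allowed, "192.0.2.2", "ssh-rsa", PIX_KEY))
    # Pinned address but a different key: refused, and worth investigating.
    print(check_host_key(allowed, "192.0.2.1", "ssh-rsa", OTHER_KEY))
```

The third case is the one to keep an eye on operationally: a pinned address presenting a different key is expected only after the device was re-keyed (for example after a rebuild), so a blocking device that flips to a non-active state without a known change deserves a look before the key is simply re-pinned.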
07-01-2003 04:02 AM
ssh host-key was the piece that resolved the problem.
Thanks again for the assistance.
Chad