The Pix just needs to be configured to allow the sensor's IP address to telnet or ssh to the Pix.
The sensor needs to be configured to know the Pix's IP address, as well as the type of connection (telnet, or ssh) and the appropriate usernames and passwords to access the Pix.
The sensor will connect to the Pix and use a special "shun" command on the Pix. When using the Pix for blocking, the IDS does not create ACLs (like it does on the router); instead it executes the special "shun" command directly in the Pix's CLI. You can log into the Pix and use the "show shun" command to see which addresses the sensor has blocked through the Pix's shun command.
If you are using tacacs to limit the commands available to the user ID provided for login from the IDS sensor then I recommend doing the following:
Configure the Pix to allow a telnet connection from the sensor to the Pix with a userid that doesn't have any command restrictions.
Configure the sensor to telnet (instead of ssh) to the Pix.
Use tcpdump or another sniffer program to monitor the traffic between the sensor and the Pix.
Have the sensor block a few IP addresses.
If you analyze the captured traffic you will see what commands the sensor is executing in the Pix CLI. These are the commands that tacacs would need to allow for the userid being used for the sensor.
Then I would suggest switching from telnet to ssh for encrypted communications and locking down the list of available commands through tacacs if you so desire.
NOTE: I don't believe there is a documented list of which commands the sensor uses on the Pix CLI, so the tcpdump method is the best method to find out what they are.
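The capture-and-read procedure above, as an added example that is not part of the original post: given the client-to-server TCP payloads of the sensor's telnet session (here a constructed session; the real sensor's command set is undocumented, so capture your own), it strips the telnet option negotiation, reassembles the typed command lines, discards the login and enable passwords, and collapses what is left into the command keyword and argument patterns a TACACS+ command-authorization set would have to permit. The addresses, prompts and the exact "shun" arguments in the sample are assumptions for illustration.

```python
import re

# Telnet protocol bytes (RFC 854).
IAC, SB, SE = 0xFF, 0xFA, 0xF0
OPTION_CMDS = {0xFB, 0xFC, 0xFD, 0xFE}   # WILL/WONT/DO/DONT: IAC cmd option (3 bytes)

SENSOR = "10.1.1.5"   # constructed sensor address (assumption)
PIX = "10.1.1.1"      # constructed Pix address (assumption)

# Constructed telnet session as (src_ip, dst_ip, tcp_payload) in capture order.
# Not a real sensor capture; the shun syntax here is "shun src [dst sport dport proto]".
SESSION = [
    (PIX, SENSOR, b"\xff\xfd\x18\xff\xfd\x20"),           # Pix: DO terminal-type, DO linemode
    (SENSOR, PIX, b"\xff\xfc\x18\xff\xfc\x20"),           # sensor: WONT both
    (PIX, SENSOR, b"PIX passwd: "),
    (SENSOR, PIX, b"telnetpass\r\n"),                     # telnet password (a secret, not a command)
    (PIX, SENSOR, b"pixfirewall> "),
    (SENSOR, PIX, b"enable\r\n"),
    (PIX, SENSOR, b"Password: "),
    (SENSOR, PIX, b"enablepass\r\n"),                     # enable password (a secret, not a command)
    (PIX, SENSOR, b"pixfirewall# "),
    (SENSOR, PIX, b"shun 192.0.2.10\r\n"),
    (SENSOR, PIX, b"shun 192.0.2.11 198.51.100.5 4444 80 6\r\n"),
    (SENSOR, PIX, b"show shun\r\n"),
    (PIX, SENSOR, b"Shun 192.0.2.10 0.0.0.0 0 0\r\n"),
    (SENSOR, PIX, b"no shun 192.0.2.10\r\n"),
]


def strip_telnet(data: bytes) -> bytes:
    """Remove IAC negotiation sequences, leaving only the characters the client typed."""
    out, i = bytearray(), 0
    while i < len(data):
        b = data[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 >= len(data):
            break                                   # truncated IAC at end of stream
        elif data[i + 1] == IAC:
            out.append(IAC)                         # escaped literal 0xFF
            i += 2
        elif data[i + 1] in OPTION_CMDS:
            i += 3                                  # IAC <cmd> <option>
        elif data[i + 1] == SB:
            end = data.find(bytes([IAC, SE]), i + 2)  # skip sub-negotiation block
            i = len(data) if end < 0 else end + 2
        else:
            i += 2                                  # other 2-byte IAC command
    return bytes(out)


def extract_commands(segments, sensor_ip, pix_ip):
    """Reassemble the sensor->Pix direction and return the non-empty lines it sent."""
    stream = b"".join(p for s, d, p in segments if s == sensor_ip and d == pix_ip)
    text = strip_telnet(stream).decode("ascii", errors="replace")
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    return [line.strip() for line in text.split("\n") if line.strip()]


def tacacs_permit_list(commands, secrets):
    """Drop credential lines, then map each command keyword to the distinct argument
    patterns seen, with IPv4 addresses and numbers generalized to <ip> and <n>."""
    patterns = {}
    for line in commands:
        if line in secrets:
            continue
        keyword, _, rest = line.partition(" ")
        rest = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "<ip>", rest)
        rest = re.sub(r"\b\d+\b", "<n>", rest)
        patterns.setdefault(keyword, set()).add(rest)
    return {k: sorted(v) for k, v in patterns.items()}


if __name__ == "__main__":
    cmds = extract_commands(SESSION, SENSOR, PIX)
    for keyword, args in tacacs_permit_list(cmds, {"telnetpass", "enablepass"}).items():
        print(keyword, args)
```

To use it on real traffic, capture with `tcpdump -i <iface> host <sensor> and host <pix> and tcp port 23 -w sensor.pcap` while the sensor blocks a few addresses, then read the sensor-to-Pix TCP payloads out of the pcap (a pcap reader is not included above) and pass them to `extract_commands`. Feed the two passwords in as `secrets` so they never end up in a permit list, and switch the sensor back to SSH once the TACACS+ command set is in place.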
Now, I get the following error when I try to add a blocking device to my IDS sensor:
Error: errNotFound Net device references a shun device config record that does not exist. Attempted configuration update was rejected. [0,3]
Any idea why this error is generated?
The sensor knows the firewall's IP, the username, the enable password, and the remote access password. SSH is enabled on the firewall. I tried adding the firewall as a trusted host, but I get the error: