how to configure pix to let IDS traffic go through

xwang2 · ‎10-09-2002

need a configuration sample on pix to let IDS traffic go though pix. The director is inside a pix firewall and the sensor is outside the pix.

skeetin44 · ‎10-09-2002

Hello,

It sounds like you are trying to pass Cisco Post office protocol. If this is true, you would built your access-lists to permit udp 45000 between the two hosts.

192.168.1.1 is director.

172.16.1.1 is the c&c interface of the IDS.

inside is the name of the inside interface (where director is located)

outside is the name of the outside interface (the same interface on the pix where the the c&c interface is located)

access-list inside_acl permit udp host 192.168.1.1 eq 45000 host 172.16.1.1 eq 45000

access-list outside_acl permit udp host 172.16.1.1 eq 45000 host 192.168.1.1 eq 45000

access-group inside_acl in interface inside

access-group outside_acl in interface outside

If this is for a production network, you may want to contact TAC, to make sure this is best deployment. You would normally not want to put the command and control interface on the outside interface of your pix, without some encryption. Encryption features are available, that can be used for remote deployment of a director and an IDS sensor. If you decide to use encryption, then the access-lists above will be useless.

Hope this helps....

xwang2 · ‎10-09-2002

Many thanks, it is work