Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
533
Views
0
Helpful
2
Replies

IDS 4210 Shunning to Router ACL's

bbenton
Level 1
Level 1

‎01-30-2003 04:59 AM - edited ‎02-20-2020 09:20 PM

While testing shunning to a router, the acl's it creates and uses creates entries at the bottom of the acl's. If you have a permit statement at the end of the preshun acl, such as permit ip any any, the shun will have no effect.

Does it always append to the end of an acl? I understand that permitting only the traffic you need and blocking all else is the preferred method, but sometimes that just isn't possible. Is there a workaround or am I missing the boat here? Why wouldn't the entries be made at the top of the acl, where it seems more appropriate anyway? (I do understand permits should always be first so that permitted traffic doesn't have to traverse the acl deeper than necessary for performance reasons.)

Labels:
0 Helpful
2 Replies 2

stleary
Cisco Employee
Cisco Employee

‎01-30-2003 06:30 AM

Place the ACL statements that should precede the sensor shuns in a

preshun acl. Place the ACL statements that should follow the sensor

shuns in postshun acl. In your example, the permit ip any any statement

would be deleted from the preshun ACL and added to the postshun ACL.

0 Helpful

bbenton
Level 1
Level 1
In response to stleary

‎01-30-2003 07:38 AM

That works, of course. Thanks!!

0 Helpful
Customers Also Viewed These Support Documents