Can I configure IDS on the PIX. I have looked through the documentation on the Cisco web site but could not find anything except how to configure shunning on a PIX using Cisco IDS UNIX Director. I don't want to use any external device and would like to use only the PIX. On the Cisco router with firewall features set you can configure IDS. So can I perform the same on the PIX or do I have to use external devices like sensors.
Absolutely. As a matter of fact, the setup is very similar to IOS IDS. So if you have a familiarity with IOS IDS, you should have a head start. Take a look at the following from the command ref and if you have specific questions, let me know.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...