Cisco Support Community

New Member

IDS in PIX Cisco Firewall

Hi All,

Which PIX image version supports the IDS feature set? How can I update the IDS signatures in the PIX?

thanks

4 REPLIES
Cisco Employee

Re: IDS in PIX Cisco Firewall

I believe the 1st Pix version to support IDS was 5.2(1) according to the Pix Release Notes.

All later versions of the Pix should support IDS.

In Pix 6.0 there is support for interoperability with IDS sensors. IDS sensors are now able to connect to the Pix and change the Pix configuration to block IP addresses using a new "shun" command on the Pix.

As for updating signatures, you can configure the signatures using the ip audit command.

Refer to: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/config/sysmgmt.htm#xtocid158169

As for new signatures: The signatures are hard coded in the Pix source code and users can not add their own custom signatures. New signatures would have to be included as part of a new Pix software version.

I would suggest either calling the TAC to request that more signatures be added to the Pix IDS feature, or beginning a discussion on the Pix Net Pro Forum. The IDS Net Pro Forum is primarily monitored by developers of the IDS-42xx appliances and the WS-x6381-IDS Module for the Cat 6000. To get the attention of the Pix developers I would recommend posting on the Firewall forum.
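A sketch of the `ip audit` and `shun` usage mentioned in the reply above, added here as an illustration and not part of the original post. The policy names `ids-attack` and `ids-info`, the choice of signature 2000 and the address 192.0.2.10 are constructed for the example, `outside` is assumed to be the interface name, and lines beginning with `!` are annotations rather than commands to enter.

```cisco
! Define named audit policies: one for attack-class signatures,
! one for informational-class signatures.
! alarm = send a syslog message, drop = discard the offending packet.
ip audit name ids-attack attack action alarm drop
ip audit name ids-info info action alarm

! Apply both policies to the interface facing untrusted networks.
ip audit interface outside ids-attack
ip audit interface outside ids-info

! The built-in signatures cannot be extended, but a noisy one can be
! switched off globally by its number.
ip audit signature 2000 disable

! Verify what is configured and how often signatures have matched.
show ip audit interface
show ip audit signature
show ip audit count

! Pix 6.0 and later: shun is what an IDS sensor issues to block a source.
! It can also be entered, listed and removed by hand.
shun 192.0.2.10
show shun
no shun 192.0.2.10
```

Because `alarm` reports through syslog, logging needs to be enabled on the Pix for the matches to be recorded anywhere.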

New Member

Re: IDS in PIX Cisco Firewall

Hi,

Thanks for your reply... BTW, have you ever configured VPN + NAT using CSPM 232f? I've never been successful in configuring this. It won't work with VPN+NAT... How can I solve this problem? Or is CSPM not intended for configuring VPN with NAT? Because I can configure VPN+NAT using the CLI.

thanks

Cisco Employee

Re: IDS in PIX Cisco Firewall

I'm only familiar with the CSPM 2.3.3i versions for IDS management and not the Firewall/IOS router management versions.

I'll ask around though and see if anyone here is familiar.

You could also try the Firewall Forum.

Cisco Employee

Re: IDS in PIX Cisco Firewall

Here's a response I got from one of the CSPM developers:

--------------------------------------------------------------------------------------

CSPM can configure VPN with NAT. It can also support NO-NAT configuration with IPSec for both PIX and IOS.

Please see the page for more info on CSPM3.0.

http://iqlas-nt2/cspm30/index.html

Please see the design guide, which describes some common customer scenarios and how to accomplish them in CSPM3.0. All the cases contain cpm files, so it should be pretty easy to play with.

http://iqlas-nt2/CSPM30-casestudies/CSPM-30-customer-scenario.html
