
IDS integration with the PIX Firewall

rolalo
Level 1

I am reading the Release Notes for Cisco Intrusion Detection System Sensor Version 3.0(1)S4, and I have stumbled on the new features of this version, where it claims integration with the PIX Firewall.

How do you implement this? What kind of integration does it offer?

Accepted Solutions

Instructions for sensor and PIX basic configuration can be found here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13870_01.htm#xtocid23

Instructions for sensor and PIX SSH configuration can be found here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13870_01.htm#xtocid16

You can configure the sensor to connect to the PIX via telnet when using the PIX inside interface; otherwise you must use SSH. SSH with 3DES encryption is supported in version 3.0 or later sensors for PIX connections.

Caveat: If you want to use telnet with a version 6.2.1 or later PIX, or if you want to use SSH with DES encryption on any PIX, then you will need a patch for your sensor. If so, open a TAC case and request the latest engineering build of nr.managed. Reference stleary@cisco.com for any questions.
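The telnet-versus-SSH rule from the answer above can be checked against a PIX configuration before pointing the sensor at it. This is an added example, not part of the original post or Cisco's tooling: it assumes management access appears as `telnet|ssh <ip> <netmask> <if_name>` lines, and the function names, addresses and sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Management-access lines, assumed form: "<telnet|ssh> <ip> <netmask> <if_name>"
ACCESS_RE = re.compile(
    r"^(telnet|ssh)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$"
)

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
telnet 10.1.1.0 255.255.255.0 inside
telnet 192.0.2.10 255.255.255.255 dmz
ssh 192.0.2.10 255.255.255.255 dmz
ssh timeout 5
"""

def sensor_access(config_text, sensor_ip):
    """Return [(protocol, interface)] for every access line admitting sensor_ip."""
    sensor = ipaddress.ip_address(sensor_ip)
    hits = []
    for line in config_text.splitlines():
        m = ACCESS_RE.match(line.strip())
        if not m:
            continue  # e.g. "ssh timeout 5" or unrelated configuration
        proto, ip, mask, ifname = m.groups()
        if sensor in ipaddress.ip_network(f"{ip}/{mask}", strict=False):
            hits.append((proto, ifname))
    return hits

def assess(config_text, sensor_ip):
    """Classify each path: telnet only via the inside interface, otherwise SSH."""
    findings = []
    for proto, ifname in sensor_access(config_text, sensor_ip):
        if proto == "ssh":
            status = "ok"
        elif ifname == "inside":
            status = "cleartext"   # usable, but the login is sent unencrypted
        else:
            status = "unusable"    # telnet is only an option on the inside interface
        findings.append((proto, ifname, status))
    # No matching line means the sensor cannot log in to issue a block at all.
    return findings or [(None, None, "none")]

if __name__ == "__main__":
    for ip in ("10.1.1.20", "192.0.2.10", "198.51.100.7"):
        print(ip, assess(SAMPLE_CONFIG, ip))
```

A sensor address that only ever returns `cleartext` or `unusable` is a candidate for moving to the SSH setup linked above.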


3 Replies

marcabal
Cisco Employee

The IDS Sensor has a feature called shun/blocking (originally known as shun, but over time it has become known as blocking).

When the IDS detects an attack, it can be configured to connect to another Cisco device (through telnet or SSH with username/passwords) and then reconfigure the device to shun/block the IP address of the attacker.

When using the IDS blocking feature with a Cisco router, the sensor will telnet to the router and create an ACL which will deny the IP address of the attacker.

When using the IDS blocking feature with a PIX, the sensor will telnet/SSH to the PIX and execute a special "shun " command on the PIX. The PIX then blocks packets to or from that IP address on all of its interfaces.

Thanks for the reply. Any template or configuration that I could follow?

I am using an IDS 4210 software version 3.01(S4) and CSPM 2.3.1i.
