02-11-2003 12:25 AM - edited 02-20-2020 10:33 PM
I am reading the Release Notes for Cisco Intrusion Detection System Sensor Version 3.0(1)S4, and I have stumbled on one of the new features of this version: it claims integration with the PIX Firewall.
How do you implement this? What kind of integration does it offer?
02-11-2003 01:56 PM
The IDS Sensor has a feature called shun/blocking (originally known as shun, but over time it has become known as blocking).
When the IDS detects an attack, it can be configured to connect to another Cisco device (through telnet or SSH with username/passwords), and then reconfigure the device to shun/block the IP address of the attacker.
When using the IDS blocking feature with a Cisco router, the sensor will telnet to the router and create an ACL which will deny the IP address of the attacker.
When using IDS blocking feature with a Pix the sensor will telnet/ssh to the pix and execute a special "shun
02-11-2003 06:49 PM
Thanks for the reply. Any template or configuration that I could follow?
I am using an IDS 4210, software version 3.01(S4), and CSPM 2.3.1i.
02-11-2003 08:06 PM
Instructions for sensor and PIX basic configuration can be found here:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13870_01.htm#xtocid23
Instructions for sensor and PIX SSH configuration can be found here:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13870_01.htm#xtocid16
You can configure the sensor to connect to the PIX via telnet when using the PIX inside interface, otherwise you must use SSH.
SSH with 3DES encryption is supported in version 3.0 or later sensors for PIX connections.
Caveat: If you want to use telnet with a version 6.2.1 or later PIX, or if you want to use SSH with DES encryption on any PIX, then you will need a patch for your sensor. If so, open a TAC case and request the latest engineering build of nr.managed. Reference stleary@cisco.com for any questions.