Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Importing a Pix 501 configuration in VMS 2.2

I am trying to import a configuration into VMS 2.2. I am sure that all the passwords are correct and that all the IPs are correct. Is there a particular step(s) that I am omitting? Are there correct ways to actually discover your PIX in VMS IDSMC?

Thanks

Dwane

3 REPLIES
Cisco Employee

Re: Importing a Pix 501 configuration in VMS 2.2

Hi Dwane -

I am very sure that Pix cannot be imported into the IDS MC.

Are you actually trying to import the pix into the Pix MC?

thanks,

peter

New Member

Re: Importing a Pix 501 configuration in VMS 2.2

Yes, bad wording on my part. I would like to import it into the PIX MC. Do I need it in there so I can shun and block at the PIX?

Thank you and I apologize.

Dwane

Cisco Employee

Re: Importing a Pix 501 configuration in VMS 2.2

No, the PIX MC does not even need to be installed for the shunning feature for the IDS devices to work. When you configure the IDS MC to shun, you will configure the blocking devices parameters within the IDS MC. This will include the device type (Pix), the ip address, the username and password amongst other things.

Obviously, some of the signatures need to be tweaked to shun as a response to firing. Once a signature fires, the IDS will SSH or Telnet into the Pix and use the "shun" command available in the pix to block the connection.

There are some good pointers from the IDS team in other posts on this board regarding caution when using the Shun feature.

Hope this helps,

peter

104
Views
0
Helpful
3
Replies