Cisco Support Community
New Member

PIX redundant pair(s) and shunning from IDS

It looks like an IDS sensor will lose communication with the PIX firewall(s) if the primary fails over to the secondary in the redundant pair (if SSH is used as the transport method, the public key will be different for the same IP). Unfortunately I don't think there is an event/alert from the IDS about the problem.

Is there any way to prevent/recognize it? Is there any way to share SSH keys in a redundant PIX setup?

4 REPLIES
New Member

Re: PIX redundant pair(s) and shunning from IDS

You have correctly diagnosed the problem and as far as I am aware there is no known fix.

New Member

Re: PIX redundant pair(s) and shunning from IDS

hi,

The reason for the 'communication breakdown' is the (SSH) host key checking in the Red Hat OS of the sensor.

Here's a 'dirty' trick that works for me.

Log in to the sensor with the service account and type the following commands:

su

Type in the password of the service account again.

cd /etc/ssh/

Edit the ssh_config file.

Uncomment the following line:

StrictHostKeyChecking no (that means delete the # in front)

Save the ssh_config file.

Now you have disabled the strict check. Unfortunately this is a global option!
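Editor's added example, not from anyone in this thread: instead of turning off StrictHostKeyChecking globally, the sensor's known_hosts file can carry the host keys of both PIX units under the shared IP, because OpenSSH consults every entry for a host and accepts the connection if any one of them matches. The model below mirrors that lookup; the IP and key blobs are constructed placeholders, not real PIX host keys.

```python
"""Model of the OpenSSH known_hosts verdict for a host key (added
illustration, not code from the thread). Several entries may share one
address; the connection is accepted when any entry of the same key type
matches, rejected as CHANGED when entries exist but none matches."""

# Constructed known_hosts content: both firewalls of the pair answer on
# 10.0.0.1, each with its own (placeholder) RSA host key.
KNOWN_HOSTS_BOTH_UNITS = """\
# pinned while the primary was active
10.0.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAAPRIMARYUNITKEY
# pinned while the secondary was active
10.0.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAASECONDARYUNITKEY
"""

# Constructed: only the primary's key pinned (the situation in the thread).
KNOWN_HOSTS_PRIMARY_ONLY = "10.0.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAAPRIMARYUNITKEY\n"

SECONDARY_KEY = ("ssh-rsa", "AAAAB3NzaC1yc2EAAAASECONDARYUNITKEY")


def parse_known_hosts(text):
    """Return (host, keytype, blob) tuples; comments and blank lines skipped,
    comma-separated host lists expanded into one tuple per host."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line, ignored like OpenSSH does
        hosts, keytype, blob = fields[0], fields[1], fields[2]
        for host in hosts.split(","):
            entries.append((host, keytype, blob))
    return entries


def check_host_key(entries, host, keytype, blob):
    """FOUND if any entry for host/keytype matches, CHANGED if entries of that
    type exist but none matches (strict checking refuses), else NOT_FOUND."""
    verdict = "NOT_FOUND"
    for h, t, b in entries:
        if h != host or t != keytype:
            continue
        if b == blob:
            return "FOUND"
        verdict = "CHANGED"
    return verdict


def verdict_after_failover(known_hosts_text):
    """Verdict the sensor would reach once the secondary unit holds the IP."""
    return check_host_key(parse_known_hosts(known_hosts_text),
                          "10.0.0.1", *SECONDARY_KEY)
```

In practice the two entries are collected with ssh-keyscan against the shared address while each unit is active, and must be refreshed whenever a unit's host key is regenerated.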

New Member

Re: PIX redundant pair(s) and shunning from IDS

This may be a good temporary solution, but I am not tremendously happy with this as a long term approach. It tends to defeat the benefits of using SSH for communications.

Any idea as to whether a better solution is available or in development?

Regards,

Chad Giulini

Cisco Employee

Re: PIX redundant pair(s) and shunning from IDS

There is a DDTS issue created for this:

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeb36035

I am not sure what release it will be addressed in.
