14-7
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting
Configuring Blocking Properties
Note We support VACL blocking on the Supervisor Engine and ACL blocking on the MSFC.
• PIX Firewall with version 6.0 or later (shun command)
– 501
– 506E
– 515E
– 525
– 535
• ASA with version 7.0 or later (shun command)
– ASA 5510
– ASA 5520
– ASA 5540
• FWSM 1.1 or later (shun command)
You configure blocking using ACLs, VACLs, or the shun command. All firewall and ASA models support the shun command.
The following devices are supported for rate limiting by the ARC:
• Cisco series routers using Cisco IOS 12.3 or later:
– Cisco 1700 series router
– Cisco 2500 series router
– Cisco 2600 series router
– Cisco 2800 series router
– Cisco 3600 series router
– Cisco 3800 series router
– Cisco 7200 series router
– Cisco 7500 series router
Caution The ARC cannot perform rate limiting on 7500 routers with VIP. The ARC reports the error but cannot rate limit.
Configuring Blocking Properties
You can change the default blocking properties. It is best to use the default properties, but if you need to change them, use the following procedures:
• Allowing the Sensor to Block Itself, page 14-8
• Disabling Blocking, page 14-9
• Specifying Maximum Block Entries, page 14-11
• Specifying the Block Time, page 14-13
• Enabling ACL Logging, page 14-14