Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting
Configuring the Sensor to be a Master Blocking Sensor
sensor(config-net)#
Step 3 Specify the IP address for the firewall controlled by the ARC.
sensor(config-net)# firewall-devices ip_address
Step 4 Enter the user profile name that you created when you configured the user profile. ARC accepts anything
you type. It does not check to see if the logical device exists.
sensor(config-net-fir)# profile-name user_profile_name
Step 5 Specify the method used to access the sensor. If unspecified, SSH 3DES is used.
sensor(config-net-fir)# communication {telnet | ssh-3des}
Note: If you are using 3DES, you must use the command ssh host-key ip_address to accept the key or
the ARC cannot connect to the device.
Step 6 Specify the sensor NAT address.
sensor(config-net-fir)# nat-address nat_address
Note: This changes the IP address in the first line of the ACL from the IP address of the sensor to the
NAT address. This is not a NAT address configured on the device being managed. It is the
address the sensor is translated to by an intermediate device, one that is between the sensor and
the device being managed.
Step 7 Exit network access submode.
sensor(config-net-fir)# exit
sensor(config-net)# exit
sensor(config)# exit
Apply Changes:?[yes]:
Step 8 Press Enter to apply the changes or enter no to discard them.
For More Information
For the procedure for configuring user profiles, see Configuring User Profiles, page 14-20.
For the procedure for adding a device to the known hosts list, see Adding Hosts to the SSH Known
Hosts List, page 4-45.
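Because the ARC accepts any profile name without checking that it exists (Step 4), a mistyped name only surfaces when blocking fails. The following added example, which is not part of the Cisco guide, audits a saved configuration for firewall devices whose profile-name matches no defined user profile and for devices set to telnet. Assumptions: the configuration text lists one command per line with each submode closed by exit, user profiles appear as user-profiles entries (the command from the user profile procedure referenced above, not shown on this page), and all names and addresses are constructed.

```python
import re

# Constructed sample configuration text (not taken from a real sensor).
# Assumed layout: one command per line, each submode closed by "exit".
SAMPLE_CONFIG = """\
service network-access
user-profiles fw-admin
exit
firewall-devices 192.0.2.10
communication ssh-3des
nat-address 198.51.100.5
profile-name fw-admin
exit
firewall-devices 192.0.2.20
communication telnet
profile-name fw-admn
exit
firewall-devices 192.0.2.30
exit
exit
"""

def audit_firewall_devices(config_text):
    """Return (device_ip, finding) tuples for ARC firewall-device entries."""
    profiles, devices, current = set(), {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"(user-profiles|firewall-devices)\s+(\S+)$", line)
        if m and m.group(1) == "user-profiles":
            profiles.add(m.group(2))       # a profile that really exists
            current = None                 # ignore settings inside the profile
        elif m:
            current = devices.setdefault(m.group(2), {})
        elif line == "exit":
            current = None
        elif current is not None and " " in line:
            key, value = line.split(None, 1)
            current[key] = value           # e.g. profile-name, communication
    findings = []
    for ip, opts in devices.items():
        name = opts.get("profile-name")
        if name is None:
            findings.append((ip, "no profile-name set"))
        elif name not in profiles:
            findings.append((ip, f"profile-name '{name}' is not a defined user profile"))
        # The guide states SSH 3DES is used when communication is unspecified.
        if opts.get("communication", "ssh-3des") == "telnet":
            findings.append((ip, "communication is telnet (credentials sent in cleartext)"))
    return findings
```

Calling audit_firewall_devices(SAMPLE_CONFIG) reports the misspelled profile and the telnet setting on 192.0.2.20 and the missing profile on 192.0.2.30, while 192.0.2.10 passes.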
Configuring the Sensor to be a Master Blocking Sensor
Multiple sensors (blocking forwarding sensors) can forward blocking requests to a specified master
blocking sensor, which controls one or more devices. The master blocking sensor is the ARC running on
a sensor that controls blocking on one or more devices on behalf of one or more other sensors. The ARC
on a master blocking sensor controls blocking on devices at the request of the ARCs running on other
sensors. Master blocking sensors can also forward rate limits.