IOS Firewall IDS

From: Matt Wagner (miguknom@xxxxxxxxxxx)
Date: Mon Jun 24 2002 - 01:30:25 GMT-3

• Next message: Tom Young: "access-list table"
• Previous message: elping: "Re: Ipsec over gre tunnel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
I have a question about the IDS function on Cisco IOS. The one of the last
commands to configure is the "ip audit po protected..." command. What does
it mean that the network is "protected"? At first pass I assumed that
"protected" meant that IDS would apply signatures to traffic destined to the
"protected" network thereby affording it "protection". However, I suppose
it could also mean that those networks are protected from having their
traffic audited, eh?

The reason it matters is that I want to inspect traffic entering my external
interfaces as well as traffic entering my internal interfaces. If I mark my
internal or DMZ networks as "protected", does that mean that they will not
have the "attack actions" applied to them?

I noticed that without the command configured at all I am still logging
signature matches, so I just don't get what this command does.

Matt

• Next message: Tom Young: "access-list table"
• Previous message: elping: "Re: Ipsec over gre tunnel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:40 GMT-3