Configuring The Sensor To Manage Cisco Firewalls - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Configuring Blocking Devices

Configuring the Sensor to Manage Cisco Firewalls

To configure the sensor to manage Cisco firewalls, follow these steps:
Log in to the CLI using an account with administrator privileges.
Step 1
Enter network access submode:
Step 2
sensor# configure terminal
sensor(config)# service network-access
Set the IP address for the firewall controlled by Network Access Controller:
Step 3
sensor(config-net)# firewall-devices ip_address
Type the user profile name that you created in
Step 4
sensor(config-net-fir)# profile-name user_profile_name
Network Access Controller accepts anything you type. It does not check to see if the logical device
exists.
Designate the method used to access the sensor:
Step 5
sensor(config-net-fir)# communication [telnet | ssh-des | sh-3des]
If unspecified, SSH 3DES is used.
Note
Specify the sensor's NAT address:
Step 6
sensor(config-net-fir)# nat-address nat_address
Note
Exit network access submode:
Step 7
sensor(config-net-fir)# exit
sensor(config-net)# exit
sensor(config)# exit
Apply Changes:?[yes]:
Press Enter to apply the changes or type
Step 8
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
10-24
If you are using DES or 3DES, you must use the command ssh host-key ip_address to accept
the key or Network Access Controller cannot connect to the device. For the procedure, see
Adding Hosts to the Known Hosts List, page
This changes the IP address in the first line of the ACL from the sensor's address to the NAT
address. This is not a NAT address configured on the device being managed. It is the address the
sensor is translated to by an intermediate device, one that is between the sensor and the device
being managed.
Configuring User Profiles, page
4-31.
to discard them.
no
Chapter 10 Configuring Blocking
10-17.
78-16527-01