42-14
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 42 Configuring Attack Response Controller for Blocking and Rate Limiting
Blocking Page
Router, Firewall, Cat6K Device Dialog Box
Use the Add or Modify Router, Firewall, or Cat6K Device dialog box to configure a device as a blocking
device for an IPS sensor. The name of the dialog box indicates the type of device you are adding:
- Router—IOS Software routers and Catalyst 6500/7600 devices. These devices can do rate limiting
  as well as blocking. See Understanding Router and Switch Blocking Devices, page 42-4.
- Firewall—ASA and PIX appliances.
- Cat6K—Catalyst 6500/7600 devices that are running Catalyst OS software.
Tip: If the Catalyst 6500/7600 runs Cisco IOS Software, add the device as a router on the Router tab. Do not
add the device to the Cat6K tab.
Navigation Path
From the IPS Blocking policy, select the Router, Firewall, or Catalyst 6K tab and click the Add Row
button or select an existing row and click the Edit Row button. For information on opening the Blocking
policy, see Blocking Page, page 42-8.
Field Reference
Table 42-5 Router, Firewall, Cat6K Device Dialog Boxes

| Element | Description |
|---|---|
| IP Address | The IP address of the device. Enter the IP address or the name of a network/host policy object that contains a single host address, or click Select to select an object from a list or to create a new one. |
| Communication Type | The communication mechanism used to log in to the blocking device (SSH 3DES, SSH DES, Telnet). The default is SSH 3DES. If you choose SSH 3DES or SSH DES, you must add the device to the known hosts list. The easiest way to add the device to the known hosts list is to use the IPS Device Manager (IDM) to log into the sensor, choose Configuration > Sensor Management > SSH > Known Host Keys > Add Known Host Key, and add the device address. Alternatively, you can log into the sensor CLI, enter configuration mode, and use the ssh host-key command. |
| NAT Address | The NAT address of the sensor, if any is used between the sensor and the blocking device. Enter the NAT address or the name of a network/host policy object that contains a single host address, or click Select to select an object from a list or to create a new one. Leave the default 0.0.0.0 if NAT is not used. |
| Profile Name | The login profile used to log in to the blocking device. You must create this profile on the User Profiles tab of the blocking policy or the IPS cannot successfully use this blocking device. |
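
A pre-deployment check of blocking-device rows against the field rules in Table 42-5, as an added example (not part of the Cisco guide or of Security Manager). The dict layout, function names, and sample addresses are assumptions constructed for illustration; the Telnet finding reflects that Telnet is an unencrypted protocol, which the guide itself does not state.

```python
import ipaddress

SSH_TYPES = {"SSH 3DES", "SSH DES"}
COMM_TYPES = SSH_TYPES | {"Telnet"}

# Constructed sample data (documentation address range, hypothetical profile names).
DEVICES = [
    {"ip": "192.0.2.1", "comm_type": "SSH 3DES", "nat": "0.0.0.0", "profile": "edge-routers"},
    {"ip": "192.0.2.2", "comm_type": "Telnet", "profile": "edge-routers"},
    {"ip": "192.0.2.0/24", "comm_type": "SSH DES", "nat": "0.0.0.0", "profile": "missing"},
]
KNOWN_HOSTS = {"192.0.2.1"}   # addresses already in the sensor's known hosts list
PROFILES = {"edge-routers"}   # login profiles defined on the User Profiles tab

def is_single_host(value):
    """True if value parses as one host address (no prefix, no range)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_blocking_device(dev, known_hosts, profiles):
    """Return a list of findings for one blocking-device row."""
    findings = []
    ip_ok = is_single_host(dev["ip"])
    if not ip_ok:
        findings.append("IP Address is not a single host address")
    comm = dev.get("comm_type", "SSH 3DES")  # default per the field reference
    if comm not in COMM_TYPES:
        findings.append(f"unknown Communication Type {comm!r}")
    elif comm in SSH_TYPES:
        # SSH logins require the device in the sensor's known hosts list.
        if ip_ok and dev["ip"] not in known_hosts:
            findings.append("SSH selected but device is not in the known hosts list")
    else:
        findings.append("Telnet sends the login profile's credentials unencrypted")
    if not is_single_host(dev.get("nat", "0.0.0.0")):  # 0.0.0.0 means no NAT
        findings.append("NAT Address is not a single host address")
    if dev.get("profile") not in profiles:
        findings.append("Profile Name is not defined on the User Profiles tab")
    return findings

def audit(devices=DEVICES, known_hosts=KNOWN_HOSTS, profiles=PROFILES):
    """Map each device's IP Address field to its list of findings."""
    return {d["ip"]: check_blocking_device(d, known_hosts, profiles) for d in devices}

if __name__ == "__main__":
    for ip, findings in audit().items():
        print(ip, "OK" if not findings else "; ".join(findings))
```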