eggster34 asked on

Bypass IDS for certain IP addresses on PIX515

Hi

I have the basic IDS system on my PIX enabled via the below commands

ip audit name INFOPOLICY info action alarm
ip audit name ATTACKPOLICY attack action alarm drop reset
ip audit interface outside INFOPOLICY
ip audit interface outside ATTACKPOLICY
ip audit interface inside INFOPOLICY
ip audit interface inside ATTACKPOLICY
ip audit interface dmz1 INFOPOLICY
ip audit interface dmz1 ATTACKPOLICY
ip audit interface dmz2 INFOPOLICY
ip audit interface dmz2 ATTACKPOLICY
ip audit interface dmz3 INFOPOLICY
ip audit interface dmz3 ATTACKPOLICY

How can I configure the ip audit system to bypass a list of IP addresses and allow them in?
Cisco


8/22/2022 - Mon
debuggerau

IDS is related to the interface, not IP address.

I don't know if you can configure a virtual interface and apply an audit policy for that, but if possible, I hope someone can enlighten us both...
ASKER
eggster34

What I meant was, when you apply IDS to the outside interface, how can you define a list of hosts to bypass the scrutiny of the IDS sensor?
debuggerau

You can list hosts that should not be scanned for threat detection, but if you enable basic protection, you will need to disable, remove or change the IDS signatures for the whole unit, not per IP address...

ASKER CERTIFIED SOLUTION
debuggerau
