Ive been working on the IPS today virtual sensors, blocking and shunning
etc.
When shunning to the ASA the host block goes in ok but when I delete the
block on the IPS, the appliance is unable to remove the SHUN from the ASA.
I get a load of the errors below. The syntax for the shun removal is
incorrect. So the device will be permantly shunned unless you remove
manually.
Is this an effect of the ASA v8 code, or the new IPS code?
evError: eventId=1238424945926627983 vendor=Cisco severity=error
originator:
hostId: IPS
appName: nac
appInstanceId: 24447
time: May 24, 2009 10:23:41 UTC offset=0 timeZone=UTC
errorMessage: ERROR: Syntax error from invalid input at device [PIX] IP
[10.2.2.10] state [Active]Text from device:
no shun (outside)
no shun (outside)
^
ERROR: % Invalid Hostname
asa# name=errSystemError
--
Stuart Hare
[email protected]
