IPS 4240 - need help
jworley
Member Posts: 39 ■■□□□□□□□□
I have some IPS 4240s. I've NEVER worked with these before, and the IOS is... well... completely different. I'm trying to simply put an IP on them so I can telnet or ssh into them. Below is my configuration. As you'll see... I really haven't done anything to the configuration out of the box. Thanks!!
! Current configuration last modified Wed Aug 06 07:24:40 2008
!
! Version 6.0(4)
! Host:
! Realm Keys key1.0
! Signature Definition:
! Signature Update S317.0 2008-02-13
! Virus Update V1.2 2005-11-24
!
service interface
physical-interfaces GigabitEthernet0/0
admin-state enabled
exit
physical-interfaces Management0/0
subinterface-type none
exit
exit
!
service authentication
exit
!
service event-action-rules rules0
exit
service host
network-settings
host-ip 10.10.25.11/22,10.10.25.2
host-name sensor
telnet-option enabled
exit
time-zone-settings
offset 0
standard-time-zone-name UTC
exit
exit
!
service logger
exit
!
service network-access
exit
!
service notification
exit
!
service signature-definition sig0
exit
service notification
exit
!
service signature-definition sig0
exit
!
service ssh-known-hosts
exit
!
service trusted-certificates
exit
!
service web-server
exit
!
service anomaly-detection ad0
exit
!
service external-product-interface
exit
!
service analysis-engine
exit
! Current configuration last modified Wed Aug 06 07:24:40 2008
!
! Version 6.0(4)
! Host:
! Realm Keys key1.0
! Signature Definition:
! Signature Update S317.0 2008-02-13
! Virus Update V1.2 2005-11-24
!
service interface
physical-interfaces GigabitEthernet0/0
admin-state enabled
exit
physical-interfaces Management0/0
subinterface-type none
exit
exit
!
service authentication
exit
!
service event-action-rules rules0
exit
service host
network-settings
host-ip 10.10.25.11/22,10.10.25.2
host-name sensor
telnet-option enabled
exit
time-zone-settings
offset 0
standard-time-zone-name UTC
exit
exit
!
service logger
exit
!
service network-access
exit
!
service notification
exit
!
service signature-definition sig0
exit
service notification
exit
!
service signature-definition sig0
exit
!
service ssh-known-hosts
exit
!
service trusted-certificates
exit
!
service web-server
exit
!
service anomaly-detection ad0
exit
!
service external-product-interface
exit
!
service analysis-engine
exit
"I asked, 'Why do you bring a gun to a UFO sighting?' Guy said, 'Way-ul, we didn wanna be ab-duc-ted.' If I lived in Fife, Alabama, I would be on my hands and knees every night praying for abduction" -Bill Hicks
Comments
-
dtlokee Member Posts: 2,378 ■■■■□□□□□□host-ip 10.10.25.11/22,10.10.25.2
That's the IP of the unit, you need to add an access-list entry under the host settings to allow management accessThe only easy day was yesterday! -
jworley Member Posts: 39 ■■□□□□□□□□ah! Thank you so very much!"I asked, 'Why do you bring a gun to a UFO sighting?' Guy said, 'Way-ul, we didn wanna be ab-duc-ted.' If I lived in Fife, Alabama, I would be on my hands and knees every night praying for abduction" -Bill Hicks
-
jworley Member Posts: 39 ■■□□□□□□□□She's seen on the network now (permitted 10.10.24.0/22) Thanks a lot! I really do appreciate the help. Now if I can just fumble around this device... lol
Does this device operate on layer 2 or layer 3? It doesn't route packets, does it?"I asked, 'Why do you bring a gun to a UFO sighting?' Guy said, 'Way-ul, we didn wanna be ab-duc-ted.' If I lived in Fife, Alabama, I would be on my hands and knees every night praying for abduction" -Bill Hicks -
mikej412 Member Posts: 10,086 ■■■■■■■■■■No routing.
It either watches the traffic in promiscuous mode - and the initial packet(s) of an attack get through before it responds with instructions to the hardware under attack.
Or it can work "in Line" with in pairs of interfaces (or VLANs pairs with subinterfaces) and stop the first packet if an attack.:mike: Cisco Certifications -- Collect the Entire Set! -
jworley Member Posts: 39 ■■□□□□□□□□ah. I see! That's great. Right now, I have it configured with Gi0/0 and Gi0/1 inline. The default policies are applied to the inline path.
I suppose I won't mess with any of them. Should I add an internal zone to the Anomaly Detction though? I figured adding the internal subnet might be a necessary change if I"m understanding this right.
Thanks again! You guys are great. This will eventually go post firewall (setup is router -> ASA5520 -> IPS -> Layer 3 switch [all ports are trunks] -> access switches). Think there will be an problems with that? I think to test it out, I'm going to put it on the network on an access switch go to a small switch with some select IT people (including myself)."I asked, 'Why do you bring a gun to a UFO sighting?' Guy said, 'Way-ul, we didn wanna be ab-duc-ted.' If I lived in Fife, Alabama, I would be on my hands and knees every night praying for abduction" -Bill Hicks -
jworley Member Posts: 39 ■■□□□□□□□□oh, one more thing. As far as licensing goes, does IPS really get updates often enough to justify this purchase? I'm not 100% sure the Provisioning people here bought this. I would have to pitch like Greg Maddox to get this to fly, probably."I asked, 'Why do you bring a gun to a UFO sighting?' Guy said, 'Way-ul, we didn wanna be ab-duc-ted.' If I lived in Fife, Alabama, I would be on my hands and knees every night praying for abduction" -Bill Hicks
-
Ahriakin Member Posts: 1,799 ■■■■■■■■□□It averages about once a week, sometimes faster, and yes it is worth it. An IPS without signature updates is like an AV without definition updates, unless you want to spend an awful lot of time watching security sites for detailed exploit info. and writing your own sigs...;)We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
-
jworley Member Posts: 39 ■■□□□□□□□□Ahriakin wrote:It averages about once a week, sometimes faster, and yes it is worth it. An IPS without signature updates is like an AV without definition updates, unless you want to spend an awful lot of time watching security sites for detailed exploit info. and writing your own sigs...;)"I asked, 'Why do you bring a gun to a UFO sighting?' Guy said, 'Way-ul, we didn wanna be ab-duc-ted.' If I lived in Fife, Alabama, I would be on my hands and knees every night praying for abduction" -Bill Hicks
-
jworley Member Posts: 39 ■■□□□□□□□□definitely feeling a little dense asking this but....
I went ahead and got a trial license key so we can get updates for now before purchasing a full key. I'm in the IDM and cannot figure out how to get this thing to update. In the Update and AutoUpdate windows, it asks for a server address, username, and password. I must be missing something here.... what server address? What credentials? Also tried click the Update License button in the Licensing window. It will sit there for hours doing nothing... what's it supposed to do?
Thanks for helping me out with my newbish problems."I asked, 'Why do you bring a gun to a UFO sighting?' Guy said, 'Way-ul, we didn wanna be ab-duc-ted.' If I lived in Fife, Alabama, I would be on my hands and knees every night praying for abduction" -Bill Hicks -
Ahriakin Member Posts: 1,799 ■■■■■■■■□□You should be able to load the Updates from your own machine through the IDM but for Auto Updates you can specify a few options, the most common is FTP, your own server and the username/password you setup to allow access to it. So you download the update yourself the to the FTP server and set your IDS to pull the updates from there
I don't know off the top of my head if the 4240 supports the 6.1.1 image but if it does install it as it FINALLY allows you to auto-update directly from Cisco's website (for which you just use the CCO login to which you have registered the IPS contract).We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place? -
jworley Member Posts: 39 ■■□□□□□□□□alright, I installed 6.1.1, and I must say... the GUI is much nicer and more user newb friendly.
Thanks again for all the help, everyone. You helped take away some of the pain in this learning curve"I asked, 'Why do you bring a gun to a UFO sighting?' Guy said, 'Way-ul, we didn wanna be ab-duc-ted.' If I lived in Fife, Alabama, I would be on my hands and knees every night praying for abduction" -Bill Hicks -
Ahriakin Member Posts: 1,799 ■■■■■■■■□□Glad to hear it's working okay.
You should get the Cisco IEM (IPS Express Manager) too, free from the Cisco site. Besides being a decent log viewer/reporter it integrates the IDM into it's GUI so you can very quickly monitor/change/tune from one console. One thing I really like is you can right-click an event in the viewer and tune the rule or set event action filters from the popup menu and it takes you right into the relevant section on that device's IDM. A small but nice timesaver.We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place? -
jworley Member Posts: 39 ■■□□□□□□□□Interesting. I searched of the software on Cisco's site. I found the page, I think... but it says
"NOTE:
There are currently no files for this type."
http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ime"I asked, 'Why do you bring a gun to a UFO sighting?' Guy said, 'Way-ul, we didn wanna be ab-duc-ted.' If I lived in Fife, Alabama, I would be on my hands and knees every night praying for abduction" -Bill Hicks -
Ahriakin Member Posts: 1,799 ■■■■■■■■□□Odd. I just tried it again and it's working for me. Are you using a download manager/plugin? Try a normal save inside your browser instead.We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
-
dtlokee Member Posts: 2,378 ■■■■□□□□□□You need to log into your CCO account or it will say that or you need a service contract that allows acces to it. The link you provided works for me too.The only easy day was yesterday!
-
jworley Member Posts: 39 ■■□□□□□□□□hmmm... I thought I did log in with my CCO account. I only have a trial key for now, though. Could it be that I don't have enough access?"I asked, 'Why do you bring a gun to a UFO sighting?' Guy said, 'Way-ul, we didn wanna be ab-duc-ted.' If I lived in Fife, Alabama, I would be on my hands and knees every night praying for abduction" -Bill Hicks