IPS Manager Express & IOS

PStefanov

Some problem with the IPS Manager has been bugging me the whole day and I am totally lost after 8+ hours of troubleshooting and reading through data sheets. My question is if it is possible to run the IPS Manager Express for an IOS-based router, which has no IPS module. The readme file for v6.1.1 says that it supports IOS IPS devices (http://www.cisco.com/web/software/282829584/28973/IME-6.1-1.readme.txt), but when I configure IPS signatures on an ISR running 12.4(15)T7 and try to connect the GUI to the device, it gives me the following error:

Error response from IME server: Unknown error (check log file in installation's log directory).

From the log:

2010-02-25 23:45:00,218 [s2] WARN - switch new table function returns empty table name
2010-02-26 00:17:56,515 [sz] WARN - 10.99.98.2: error in init() Error on line 1: Content is not allowed in prolog.
2010-02-26 00:17:56,515 [q] ERROR - addSource() thread initialization error
2010-02-26 00:17:56,515 [sx] ERROR - 1

Although that seems to be a Java error, I assume it isn't because I tried with different versions and from different computers (and on different routers).

Pavel

mikej412

PStefanov wrote: »

My question is if it is possible to run the IPS Manager Express for an IOS-based router, which has no IPS module.

No, I think it only supports the IPS 4200, ASA IPS, IDSM2, and AIM-IPS.

It sounds like that readme was talking about the AIM-IPS.

The only thing other than the CLI for management of the IOS IPS is SDM and CSM. I think there is an IOS version that lets you access it for reporting IPS Manager Express.

Edit: The brochure makes it sound like you should be able to access the IOS IPS for Monitoring & Reporting
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5715/ps9610/at_a_glance_c45-459034_v4.pdf

Cisco IOS Software Releases 12.3(14)T7, 12.4(15)T2 (monitoring and reporting only)