ASA5515X-IPS management 0/0 to LAN

Similar Messages

• How to create an rule with action to subtract from the event log of Ips manager express console?

  how to create an rule with action to subtract from the event log of Ips manager express console?, some knows of has an guide?.
  Thank you.
  Sent from Cisco Technical Support iPad App

  Hi,
  http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a0080bc7910.shtml
  HTH
  Luis Silva
  "If you need PDI (Planning, Design, Implement) assistance feel free to reach us"
  http://www.cisco.com/web/partners/tools/pdihd.html

• CSM IPS Manager doesn't display IPS sensors.

  I am doing inital configuration of the CSM v3.0 The IPS sensor 4250xl that I have added to CSM doesn't show up in the IPS Manager. Moreover, the Devices->Sensor window doesn't appear to be displayed correctly - there is a browser icon indicating missing content.
  Any ideas what may be the issue. Thanks.

  You might be running into a bug here. The bug-Id is:CSCsa83631

• Configuring signature through IPS Manager in CSM3.0

  I was trying to customize the siganture with IPS manager in CSM3.0.Any changes in CSM3.0 only displays in the window but looks like it is not been applied to IDSM2 which has IPS v5.1.The same change If I make through IDM to idsm2
  it works fine.
  This how I am testing: Just changed the sev level (low to high) in one of the bulit in siganture (say 2100 sweep)
  from the IPS manager in CSM3.0.Then, when a traffic triggers that signature,the IPS Eventviewer still shows the sev level as "low" only.
  But if I do the same changes though IDM I can see the sev level as "high" in the IPS event viewer5.0.
  I also have 2 x 6500 with single IDSM2 on both switches.I could add only one IDSM2 to IPS manager (via DCR in comman services )and the other one I couldnot.Any suggestions please

  Hi,Thanks for your response.IPS Sensor is configured.I use the same username/password with priv15 through IDM as well.
  Here is the Problem Summary:
  ============================
  We are using CSM3.0 for managing IDSM2 modules and we are having the following difficulties
  I. Adding new IDSM2 sensor module into CSM3.0 through IPS
  II.Customization of any signature
  I.Adding new IDSM2 sensor module into CSM3.0 through IPS
  We followed up the below procedures to add the IDSM2 modules
  1.Go to CCS, device crenditials, select the type as cisco service modules and give the device crenditials like IP Address, username/password etc
  2.Go to IPS Manager, under device tab we could see the IDSM2 module has been added.Then go to sensor group and re-import it.It works fine ie we could add and see the same in IPS manager.
  Note: 1st sensor was successfully added where as the 2nd sensor couldnot be added in IPS
  3.We could see that the same has been added into common services.But when we see in IPS Manager Device sensor or sensor group, we could not see the IDSM2 module.
  Only the 1st sensor is showed in the IPS window.So we couldnot re-import the second sensor in to the specified group ( the group is same as the 1st sensor)
  II.Customization of any signature:
  We followed up the above said procedures ( as per I 1 to 2) to add the IDSM2 modules
  Note: 1st sensor was successfully added where as the 2nd sensor couldnot be added in IPS
  1.Go to configuration, select the IPS siganture5.1, apply some changes like
  Changing the sev level from ?low? to ? high? for one of the built in signature ( ID 2100) by tuning. The changes appear in the CSM IPS console. But it doesn?t apply to the IDSM module. After this change, if the signature triggers IEV should show the changed level ? high?. But the IEV still shows the old level for the signature ID 2100 as ?low? only. The main screen under device tab still shows that configuration as pending.ie it looks like the changes made in CSM/IPS manager doesn?t applied to IDSM2 module
  Note: If we make the same changes by using the IDM which behaves as expected.ie IEV shows the sev level for the tuned signatureID (2100) as ?high?
  Please suggest us where are we missing?
  Here are the details about the modules
  Module: IDSM2 module
  Ver: 5.1(1)S229.0V1.0
  CSM : 3.0
  IEV: 5.1.1

• Cisco IPS Manager 7.0.2

  Hi,
  I installed Cisco IPS Manager and it can see the AIP-SSM ips. But I do not see any real time logs and cannot create any report. What can cause this problem ?
  Thanks

  It could be a lot of things, I would do the following:
  > To start of, verify if any events are coming on the AIP-SSM itself (via GUI or console)
  > Is the 'Events Connection' showing as connected on the IME summary window?
  > Goto Events >> Historical >> Last x duration and see if any events came from the AIP-SSM
  > Double click the AIP-SSM (or right click and update the status) to get the latest certiifcate
  > Restart the IME service
  Regards
  Farrukh

• Is Lincense integrted with IPS Management IP Address?

  I have imported lincense in IPS 4240 that haveing one Temporary management IP address. In future IP address is getting changed for IPS. Could It make impact on same?

  No, the IP address is not used by the IPS licensing logic. You will be able to change IP without affecting licensing.

• Network Management system for our LAN/WAN

  Hello Everyone,
  We have a Cisco network covering around 350 staff, in 8 floors, and recommended Management system  to monitor the network , showing the bottleneck, performance, download speed for each client, it will be great if the tool is covering both LAN and WAN network.
  Is there any free tools from Cisco can do the job? if not pls advise
  Best Regards

  Sure - just remember free to buy is not the same as free to own. Open source tools usually require a larger investment in configuring things yourself and usually (but not always) come without any sort of option for paid support.
  Many people put together a system with Nagios (fault management), Cacti (performance management) and RANCID (configuration management). Each is free and community-supported. If you or your organization is comfortable setting up some Linux servers and customizing some files and templates you can have a quite workable system using those tools.
  If you want a lower cost of entry with paid support options, consider something like Spiceworks, What's Up Gold, or the entry level products from SolarWinds (Kiwi syslog manager, cattools, engineer's toolset etc.).

• IDS/IPS management and deployment

  I've been looking for solid guide on Cisco's website that highlights the primary tasks for deploying any IDS or IPS appliance into a production network and maintaining after deployment. Does anyone have any links?

  Hello Owray,
  You can look at the product documentation of IDS to get this info. There are abundant materials available on CCO for deploying/maintaining IDS.
  Deploying/initial config of IDS:
  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/hwguide/index.htm
  Managing the IDS using IDM:
  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/index.htm
  search for some keywords on CCO and you will get more of such docs..
  hope this helps.. rate replies if found useful...
  Raj

• IPS Management with VMS

  Hello,
  I need an info for the following points.
  Can i manage the IDS 4215 & 4240 wth IPS 5.0 with VMS 2.2 or higher version if available.
  regards
  Vijay Tandon

  VMS has 2 management tools that deal with the IDS/IPS sensors:
  Security Monitor for monitoring the alerts,
  and IDS MC for configuring the sensors.
  Upon initial release Security Monitor will be able to monitor the 5.0 sensors, but will monitor them the same as it does for 4.1 sensors. In other words Security Monitor will not have the new fields that are added to the alert in 5.0.
  Security Monitor will be updated in a future release to handle the new format for 5.0 alerts with the new fields.
  Upon initial release IDS MC will not be able to configure a 5.0 sensor. 5.0 sensors will have to be configured using CLI or IDM on the sensor itself.
  IDS MC support for configuring 5.0 sensors is being added in a future IDS MC release.
  Marco

• IPS Manager Exp 7.0.3 fails to connect to AIP-SSM module

  Hi, am trying to connect to my IPS module nested in a Cisco ASA 5540 appliance. Yesterday i was able to connect and do my configurations but when running the IME today i dint find my sensor module in the devices list so i tried adding it again and it gives an error. The IME systems logs are:
  2010-07-22 09:29:30,092 [j_] WARN - addSource() source exists
  2010-07-22 09:29:30,092 [ty] ERROR - 1
  2010-07-22 09:32:06,775 [j_] WARN - addSource() source exists
  2010-07-22 09:32:06,775 [ty] ERROR - 1
  2010-07-22 09:33:47,753 [j_] WARN - addSource() source exists
  2010-07-22 09:33:47,753 [ty] ERROR - 1
  2010-07-22 09:45:16,887 [j_] WARN - addSource() source exists
  2010-07-22 09:45:16,887 [ty] ERROR - 1
  Kindly assist on how to overcome this.
  Jerry.

  Its ok guys, silly Windows issues, i had to run the application as an administrator!!!!!!     

• Cisco IPS Manager Express 7.0.1

  I just want to verify if the following is working properly:
  - Under Configuration > IPS > Sensor Monitoring > Time-Based Actons > Host Blocks is configured properly
  I have entered in a few hosts to be blocked and I notice the following:
  - Under Connection Block Enabled tab it shows "false" for any host that I enter in. ??????
  Thank you in advance for your assistance.

  Hi,
  additional question,
  how to configure it from CLI? I couldn't find any command and when I put it from IDM or Express (whether with this option enabled or disabled) it is not shown in cli
  Output from show statistics network-access
  Current Configuration
  LogAllBlockEventsAndSensors = true
  EnableNvramWrite = false
  EnableAclLogging = false
  AllowSensorBlock = false
  BlockMaxEntries = 250
  MaxDeviceInterfaces = 250
  State
  BlockEnable = true
  BlockedAddr
  Host
  IP = 7.7.7.7
  Vlan =
  ActualIp =
  BlockMinutes = 60
  MinutesRemaining = 56
  Host
  IP = 9.9.9.9
  Vlan =
  ActualIp =
  BlockMinutes = 60
  MinutesRemaining = 57
  what is more when configuring 7.7.7.7 rule I added destination with 8.8.8.8 and where is it stored?
  regards

• 4404 wireless lan controller managment via wireless clients

  I am having an issue managing a 4404 wireless lan controller via wireless clients.
  I have checked the box "enable controller management to be accessible from wireless clients" under management. For some reason that does not seem to fix the problem (page cannot be displayed). I cannot ping the controller by IP but other devices on the same subnet respond. Everything else works fine.
  I CAN manage the controller when plugged in a wired connection.
  When I do a route print it is identical wireless or wired. The route simple points to my interface. If I modify the route on my computer to actually point to our gateway instead of the interface then everything works. But why should I have to do this only for my wireless connection and not my wired to manage this box?

  Thanks for the info. I narrowed the problem down to an ARP issue.
  In order for me to connect to the controller, I run a batch file that creates a static ARP entry on my laptop. I don't have to do this for any other device except the controller. Not sure what the underlying cause is, but that works as a workaround right now.

• Cisco IOS IPS - How to manage signatures?

  Hello everyone,
  I'd like to efficiently tune signatures in IOS IPS on one router, a 1941. Available options I found are:
  CLI: not efficient to tune a group of signatures (example: Windows OS)
  CCP 2.7 (Windows GUI): best tool I know, but not efficient, since:
  a bit bugged (sometimes won't work on some computers)
  needs IE9 to work fine, thus excluding its use on W8/W8.1
  turnaround to use onIE10/IE11 won't always work (one computer refuses to keep compatibility view settings, for example)
  not able to efficiently sort signatures, using several criteria (main drawback)
  not able to exclude sets of signatures - like compile failed signatures
  CCP 2.8: only available in express version. I installed it, but did not see a tab about signature tuning ...
  Cisco Security Manager is complete overkill, since it needs a license and a server. Not simple to tune IPS on only one router ;-)
  IPS Manager Express: seems a nice tool, but mainly designed for IPS sensors and firewalls, and not able to tune signatures for a router.
  So, if one of you has an idea about a tool, whether Cisco or 3rd party, running preferably on Windows, it is very velcome!
  Thanks!

  Hello Will,
  I have only played with the CLI and with that I was able to selective enable the signatures I wanted (even using the sub-id intentifier), changed the action,compile the ones required, etc.
  If this is what you are looking for when refering to tune signatures CLI will be fine, if more than that is needed well you have all of the software that you could use.
  No other software available
  Looking for some Networking Assistance? 
  Contact me directly at [email protected]
  I will fix your problem ASAP.
  Cheers,
  Julio Carvajal Segura
  http://laguiadelnetworking.com

• Need help installing Intel Lan Driver on a Satellite A100-011

  I have bought Toshiba Satellite A100-011 notebook with Windows Vista. Now I downgraded the os to Windows XP. The problem is how to install Intel Lan Driver. I would really appreciate any help, because there is no .exe file and I have no idea, what to do with those files.

  Hi buddy,
  the files which are in the zip file are really the drivers but you have to install them manually which means you must go to the device manager, search for the LAN device which probably should have a exclamation mark and then right-click on it. After clicking a wizard should appear which leads you trough the installation process. When the wizard asks for drivers (if not already automatically found) then point on the folder where the driver files are located.
  Then everything should be fine. :)
  Greetings

• [solved] Troubleshoot ssh with keys (works from LAN, not WAN)

  I'm trying to set up ssh so that I can connect to my work computer from home. It is pretty much essential that I keep the work box as secure as possible at all times. (So I can't disable the firewall, come home and test it because IT would not be at all happy.)
  I'm not sure if this is an Arch question, a Fedora question or a general Linux/networking question.
  The work box is running Fedora 17. It has a firewall eerily like the "simple stateful firewall" described on Arch's wiki. It is running sshd. Public key authentication is enabled. No other form of authentication is enabled. It has a rule allowing ssh connections.
  My laptop is running Arch. It has a firewall very like that described on the "simple stateful firewall" page. It has a couple of rules allowing stuff I need at home (printer and something I had to enable for the LAN).
  Initially, I was given an internal ip address. I got this working fine i.e. I could ssh into the box from my laptop while sitting next to it in my office over the LAN. I'm using the default form of key pair generated on Arch (i.e. rsa) and am using gpg-agent with ssh support in lieu of ssh-agent to manage keys. Pin entry is using the qt front end as I'm on KDE. (I adapted KDE's config so that it starts gpg-agent with ssh support for the session so that I didn't end up with two instances.)
  Once the firewall was in place and sshd was running, they gave me a public ip address. At this point, no port was opened in their firewall to allow WAN connections but I tested the public ip address from within the LAN and it once again worked fine.
  Once I'd confirmed the machine could connect out after getting a public ip, they arranged for the port to be opened for ssh. However, I cannot connect to the machine from home.
  $ ssh -vvi .ssh/id_rsa [email protected]
  OpenSSH_6.1p1, OpenSSL 1.0.1c 10 May 2012
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: /etc/ssh/ssh_config line 22: Applying options for xxx.xxx.xxx.x
  debug1: /etc/ssh/ssh_config line 32: Applying options for *
  debug1: auto-mux: Trying existing master
  debug1: Control socket "/home/username/.ssh/[email protected]:nn" does not exist
  debug2: ssh_connect: needpriv 0
  debug1: Connecting to xxx.xxx.xxx.x [xxx.xxx.xxx.x] port nn.
  debug1: connect to address xxx.xxx.xxx.x port nn: Connection timed out
  ssh: connect to host xxx.xxx.xxx.x port nn: Connection timed out
  xxx.xxx.xxx.x is the public ip (works fine from LAN)
  nn is the port number
  username is my user name (same on both machines)
  The options for the host from ssh_config are:
  AddressFamily inet
  Compression yes
  ControlMaster auto
  ControlPath ~/.ssh/socket-%r@%h:%p
  and the only generic option applied to all hosts is just a line to insist on protocol 2 which I think is default now anyway but I followed the wiki and specified it to be sure.
  What have I missed? My networking knowledge is pretty basic at best. (I got this far using Arch's wiki, Fedora's documentation and a little trial and error. That seemed to work well but now I've added google and still can't figure it out. All the hits I get concern cases where the LAN connection works but authentication fails over WAN. But I'm not getting that far - it looks like my work box doesn't respond at all...)
  Last edited by cfr (2012-09-25 22:12:06)

  So I discovered I'd also managed to kill off LAN access as well as the machine's ability to use any sort of DNS... (I did say it needed to be secure...)
  Anyway, I fixed that, reestablished working ssh from LAN but still can't get it to work from WAN.
  Question: if ShieldsUp! reports the port as stealthed does that mean that the port has not actually been opened? So the campus firewall is blocking the connection? Because if so, I'm knocking my head against a brick (fire)wall to no purpose whatsoever...
  I figure it can't be the software firewall else I'd not be able to connect on the LAN. And it is a public ip address so there's no NAT translation required...