Cisco 3640 and ips.

Similar Messages

• Cisco ACS and IPS sensor

  Is it possible to setup an IPS sensor's IDM console or CLI to check ACS for user authentication rather than use local accounts on the sensor? Or is this something only the cisco works software can do?
  thank you,
  Bill

  Now Possible with IPS Version 7.0(4)E4 but only Radius Authentication.
  Thanks.

• Trend micro and IPS

  Hello,
  I want to buy an ASA5510 + SSM for my lan.
  The goal is :
  - Make URL filtering/blocking within work hours
  - Deny some application like IM, P2P, web radio, during work hours.
  Trend Micro is good for the first think : url filtering by categories
  But is not good for blocking IM, ... (only check port 80 http)
  So, is it possible on an ASA to have Trend Micro and IPs working on the same appliance ?
  If no, what is the solution?
  Thx

  Hi.
  you can only install one module into the ASA. so yes, you can't have both the CSC and the SSM module in the same asa 5510.
  however the ASA does support url filtering via Websense or Secure Computing SmartFilter (formerly N2H2) . so if you have a any of those servers, you can configure the ASA to do the url filtering, and install the ssm ips module into the ASA to do the IM blocking.
  more info on asa web traffic filtering:
  http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/access_filter.html#wp1069318
  Regards,
  Fadi.
  if this answers your question please mark the thread as resolved.

• Cisco 3640 cant configure voice-ports

  I've an cisco 3640 with a VWIC-2MFT-E1 network module. Can anybody tell me why i cant configure any voice-port? without able to configure voice-port, i cant assign any port for my "dial-peer voice xx pots". Anybody has any solution?
  what im trying to do is sending voice data traffic to 192.168.10.1
  controller E1 1/0
  framing NO-CRC4
  clock source line primary
  channel-group 0 timeslots 1-31
  interface Serial1/0:0
  bandwidth 2048
  ip address 192.168.10.2 255.255.255.252
  ip mtu 300
  encapsulation ppp
  no ip route-cache
  no fair-queue
  no cdp enable
  dial-peer voice 777 pots
  destination-pattern 77T
  no digit-strip
  direct-inward-dial
  forward-digits all

  I've only got this from my controller E1
  Vertigo(config-controller)#?
  Controller configuration commands:
    channel-group     Specify the timeslots to channel-group mapping for an
                      interface
    clock             Specify the clock source for a DS1 link
    default           Set a command to its defaults
    description       Controller specific description
    detect            Enable detection of loopback request
    exit              Exit from controller configuration mode
    framing           Specify the type of Framing on a E1 link
    guard-timer       Guard timer (0-20) for xcsp calls - timer duration and
                      accept/reject on expiry
    help              Description of the interactive help system
    line-termination  Specify the line termination for E1
    linecode          Specify the line encoding method for a E1 link
    loopback          Put the entire E1 line into loopback
    mode              Configure the controller mode
    no                Negate a command or set its defaults
    shutdown          Shut down a E1 link (send Blue Alarm)
    tdm-group         Configure DS0 group for TDM
  Do i need DSP for the voice-ports? Please guide me on what more module i need to get. Thanks!!
  https://supportforums.cisco.com/message/3022639;jsessionid=AF45FBC0DDB8636D70F9B526A367016F.node0

• Cisco 3640 - Error : Uncompression of the image failed.

  Having a problem booting my Cisco 3640 Router and get the following errors in boot "rommon" mode:
  Error : Uncompression of the image failed.
  invalid compressed data--format violated
  Error : zip decompress failed
  Does anyone know what might cause this and what I can do to get it booted up into IOS?
  Thanks, Scott

  Update - I have already tried uploading a new image to flash: using the rommon> xmodem command and got the same results. Thinking that my flash SIMM card was toast, I then tried installing the IOS image from a PCMCIA Smart card. Again, got the same errors. Anyone know what might cause these errors and how to fix them?

• Cisco 887 and wireless module

  Hello there
  I recently bought a cisco 887w and i'm having problem with wireless. The question is: is there any way to disable the very VERY annoying wlan-ap0 interface to boot from the main cisco IOS? Couln't find anything related with this over the internet :( I do really want to use dot11radio 0 from main router interface just like on my old cisco 877. Any help?

  Nicolas thank you for your answer,
  Yes, i did notice that c887w has a real ap inside. That's not too much flexible for me for the main reason that this is not intergrated like c877w as i thought. This has many disadvantages for me like i have to keep 2 different configurations, i have to login by typing service-module wlan-ap0 blah blah blah, two different managment IPs and so on. Dissapointed... but i'll get used to it : ) Fortunately they didn't do the same thing on fastethernet interface module..LOL! Hopefully on next IOS releases they do include an option to use dot11radio from main cisco IOS.
  I'll have my time with this now.. I'll keep searching the cisco.com for a suitable config for me. If you have any tip for wireless bridging with the main BVIs on the router interface i'd apprieciate that : )
  And for last something off topic... i noticed (not sure) that weighted early random detection (WRED.. QoS) is not supported. Is that true?
  TX!!!

• Which version of IOS is required on Cisco 3640 to have Xconnect command?

  Hi,
  I want  to  to configure layer2 circuits on Cisco 3640 , If anybody can let me knowWhich version of IOS is required on Cisco 3640 to have Xconnect command?

  Hi Harold,
  I have a home lab having Cisco 3640, Cisco 2610 and Juniper J2320. I want to configure Layer-2 VPN/EoMPLS  between Juniper J2320 and Cisco device.
  Could you please guide me on these 2 below mentioned questions.
  1) Does Cisco 2610 supports Layer-2/EoMPLS with any IOS. If so what IOS should I have to support Layer-2/EoMPLS on 2610.
  2)Can you please confirm me that Cisco 2801 with IOS c2801-spservicesk9-mz.124-15.T9 will support Layer2/EoMPLS ?
  While researching on this I cam to know that only 2801 with IOS c2801-spservicesk9-mz.124-15.T9 can support this , but not sure , need your guidance.
  Based on your answer I will buy Cisco router 2801 for my Layer-2/EoMPLS setup.
  Regards
  Ranjeet

• Prepaid Services on Cisco 3640 Router

  Dear All.
  I intend to Configure the Prepaid Services on Cisco 3640 Modular Router for the Long Distance and International Calls.The Service is to Offer the Usual IVR like Welcome to XXX and than the Prompt for PIN Number etc.I have got good hand on the VoIP configuration but have no Idea about the Prepaid Configuration.Can Anyone help me in brining up my Prepaid Services ?? Also,I learnt the Voice Prompts has to be made available .Are they supposed to be inside the Box or can reside on any External Server and can be loaded whenever the Cisco gets a Preapid Call ???Do I have to learn the TCL Scripting to acheive this Proposed Project.Pls,I look forward to get an Early response on the above matter.
  Thanks,
  Gopal Bisht.

  What you are refering to is the Prepaid Calling Card system, or DebitCard. You don't need to know TCL unless you want to customise the solution.
  Prompts are stored on a tftp server and downloaded as necessary.
  Here is some information on the Debitcard system -
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a0080080a99.html
  http://www.cisco.com/en/US/products/sw/voicesw/ps2192/products_programming_reference_guide09186a00800e9a2c.html
  The system needs an external billing server that runs a special application to handle all the account balances and authentication. It's not just a matter of a configuring the scripts on the router. A common server application is from MindCTI -
  http://www.mindcti.com/MIND-iPhonEX_Cisco%20VoIP%20Gear.pdf

• Correlating Cisco ASA-SSM-IPS Events/Logs

  I have just configured a Cisco ASA-SSM-IPS10. An exciting feature of this decice is the ability to monitor, analyse, and correlate security events. Can anybody help with a documentation to simplify daily (or periodic) analysis, and correlation of the IPS Logs? As I am not yet to up to speed with this task yet, a "How-to" document would be just fine.  Thank you.

  Hi Chris,
  Good to have you get on the case. I am yet to setup and ips manager software. Presently, I use an ASDM 6 interface, with this interface, I am able to view events and alerts, and perform other adminsitrative cores... The IPS manager express does it comes bundle with our device purchase? Does it contain necesary templates/docs for correlating events/Logs?

• Low Audio on Cisco 3640

  I am using Cisco 3640 for H323.I am observing a problem for sometime,that the Audio on the Voice calls is too Low and we cannt hear the Conversation very well...Is there any Voice Port Config etc to Make the Audio Louder on the cisco 3640.Pls,Advice.
  Awaiting an Early Response.

  Thanks Tamer.
  I tried the above and the thing surprises me is that as soon as I change the input gain unde the voice port use for my Origination Calls from 3 ( input gain 3 ) , the call doesnt gets completed and I troed other settings like input gain as 4 dB , 5 dB and it didnt work..the calls only work at input gain 3...pls,comment ...Also,Advice If we can use the Input gain and as output attentuation under the same voice port ..Does it make any sense.??Pls,comment.
  Thanks in Anticipation.
  Regards,
  Gopal

• IDS and IPS ?

  Hi
  I am using before 4215 IDS in my network.
  My question is what is basic difference IDS and IPS ?. why I am using IPS in place of IDS , what is the key point and benefit ?.
  Thanks
  biplob

  Hi,
  Here are the definitions from IPS 5.1 guide.
  Understanding Promiscuous Mode (IDS)
  In promiscuous mode, packets do not flow through the sensor. The sensor analyzes a copy of the monitored traffic rather than the actual forwarded packet. The advantage of operating in promiscuous mode is that the sensor does not affect the packet flow with the forwarded traffic. The disadvantage of operating in promiscuous mode, however, is the sensor cannot stop malicious traffic from reaching its intended target for certain types of attacks, such as atomic attacks (single-packet attacks). The response actions implemented by promiscuous sensor devices are post-event responses and often require assistance from other networking devices, for example, routers and firewalls, to respond to an attack. While such response actions can prevent some classes of attacks, in atomic attacks the single packet has the chance of reaching the target system before the promiscuous-based sensor can apply an ACL modification on a managed device (such as a firewall, switch, or router).
  Understanding Inline Interface Mode (IPS)
  Operating in inline interface mode puts the IPS directly into the traffic flow and affects packet-forwarding rates making them slower by adding latency. This allows the sensor to stop attacks by dropping malicious traffic before it reaches the intended target, thus providing a protective service. Not only is the inline device processing information on layers 3 and 4, but it is also analyzing the contents and payload of the packets for more sophisticated embedded attacks (layers 3 to 7). This deeper analysis lets the system identify and stop and/or block attacks that would normally pass through a traditional firewall device.
  In inline interface mode, a packet comes in through the first interface of the pair on the sensor and out the second interface of the pair. The packet is sent to the second interface of the pair unless that packet is being denied or modified by a signature.
  http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df7d.html#wp1033759
  Hope this helps.
  Edward

• IDS and IPS Hardware Information

  Hi,
  Can anybody give me a detailed information in all the possible hardware that is used for IDS and IPS technologies till date.

  Cisco 830, 1700, 1800, 2600, 2800, 3700, 3800, and 7200 Series Routers are supported by IPS.

• Cisco Service for IPS

  Hi all,
  We have a customer purchase AIP-SSM-20 3 year back and not using it, now they install into a ASA5520 appliance and want to subscript to the Cisco Service for IPS, please advice below which is the correct Cisco Service subscription.
  CON-SU1-ASAINC20, IPS SVC, AR NBD AIP SSM-20 included in ASA systems
  CON-SU1-ASIP20K9, IPS SVC, AR NBD ASA AIP Securi Service Module-20
  Thanks in advance!

  Service levels are described here:
  http://www.cisco.com/en/US/services/ps2827/ps6076/services_qa0900aecd8022e962.pdf

• How do I enable Caller ID on an 3640 and 2621 router?

  I can't use the caller-id enable command it seems both on voice-port 1/0:23 on the 3640 and on the 2621 FXO ports. Without that, how can I get caller ID enabled?

  check following URL below for information.
  http://www.cisco.com/en/US/tech/tk652/tk653/technologies_configuration_example09186a00800a9a49.shtml
  Thanks
  Shahzad

• Difference between MARS LMS and IPS

  I am trying to understand the difference between MARS, LMS and IPS and why you would use one over the other.
  Thank you all.

  MARS is an appliance that aggregates/deduplicates syslog and netflow data from routers,switches,firewalls, and IPS sensors. In addition to Cisco devices it also supports things like Checkpoint Firewalls, Snort IPS, etc.
  LMS (Ciscoworks LMS) is primarily a device configuration and IOS management platform that runs on your own Windows server (not sure if Unix is still supported.) We use it to maintain the configs of hundreds of Cisco routers and switches, easily push out config changes to said devices, and mass-deploy IOS upgrades.
  IPS is sort of like anti-virus "on the wire" - it runs on dedicated IPS sensors, plug-in modules on firewalls or 6500's, and on routers via IOS IPS. Events can be forwarded to MARS for correlation, etc.
  You didn't ask, but CSM (Cisco Security Manager) is the more appropriate tool for mass-configuration and 'group policy' for firewalls and IPS sensors.
  Each product solves a particular problem; you wouldn't choose one over the other since they all work together to provide a cohesive solution. The specifics of your environment (particularly the number and type of devices) would dictate your choices here.