IDS 4235

Similar Messages

• Upgrade from IDS 4235 to IPS 5.0 license

  Dear sirs. I have several 4235 sensors and SMARTnet 8x5xNBD contracts on each of them.
  Have I upgrade their software to IPS v5.0 within this contracts or I should get licenses for the IPS?

  Some one is feeding you a line of crap.
  The main announcement for Cisco IDS version 5.0 has this 'fine print' at the bottom of the page:
  "*Cisco IPS Sensor Software Version 5.0 is supported on the Cisco IDS 4215, IDS 4235, IPS 4240, IPS 4255, and IPS 4250-XL appliances and on the IDSM-2. It is supported in the promiscuous-based IDS mode only, for the IDS 4210 and the Cisco IDS Network Module (NM-CIDS).
  Inline IPS services require more than one monitoring interface on Cisco IPS 4200 Series sensors."
  This is posted at the following URL:
  http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_bulletin0900aecd801e65b9.html
  Also, Cisco has stated the same thing in the 'Read Me' file that accompanies the software update:
  "You can apply the IPS-K9-maj-5.0-1-S149.rpm.pkg major update to the following IDS & IPS version 4.1 sensors:
  - IPS-42xx Cisco Intrusion Prevention System (IPS) sensors
  - IDS-42xx Cisco Intrusion Detection System (IDS) sensors (except for the IDS-4220 and the IDS-4230 series)
  - WS-SVC-IDSM2 series Intrusion Detection System Module (IDSM2)
  - NM-CIDS IDS Network Module for Cisco 26xx, 3660, and 37xx Router Families
  It is not compatible with the IDS-4220 and IDS-4230 series IDS sensors, the NRS-xx series IDS sensors, or the WS-X6381-IDS series Intrusion Detection System Module (IDSM)."
  I hope this helps,
  Alex Arndt

• IDS 4235 upgrade problem

  hi,
  i have IDS 4235 running ver 4.1(1)S47
  i want to upgrade it to act as ips i have upgrdae file IPS-K9-maj-5.0-1-S149.rpm.pkg when i start upgrade process i strats copying file from ftp to ids then i got a message
  Error: This hardware platform, , is not supported in version 5.x
  is there any solution for this problem

  Hi,
  Logon to your sensor to CLI. Run show users all to see your users. If there is one with a Privilege of Service, logoff and login again with that user account. If a service account does not exist (only one allowed), create one with the following:
  configure terminal
  username service privilege service
  Best of Luck.

• New to IDS 4235.

  hi,
  can anybody tell me how to access the console of the IDS 4235.
  My ids shows only
  ttya login:
  and I am unable to type anything on this prompt.

  You will need to download the ISO CD image file from cisco.com.
  Then use a CD burner to create a Recovery CD from that ISO file.
  Put the CD into your sensor and reboot.
  It should reboot from the CD and load a new image on the sensor.
  http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=6.0%285%29E3&mdfid=277026258&sftType=Intrusion+Prevention+System+%28IPS%29+System+Software&optPlat=&nodecount=2&edesignator=null&modelName=Cisco+IDS+4235+Sensor&treeMdfId=278875311&treeName=Intrusion+Prevention+System+%28IPS%29&modifmdfid=null&imname=&hybrid=Y&imst=N&lr=Y

• IDS-4235 boots to GRUB after applying 6.0(3)E1

  6.0(3)E1 patch applied successfully to our non-production IDS-4215. Applying the patch to our production IDS-4235 causes it to boot directly to grub> command prompt. It appears the system files are there. What command do I need to issue for grub to finish patching and can someone share the content of /boot/boot/grub.conf from IDS-4235 with 6.0(3)E1 so I can boot it manually? Thank you.

  Matthew, appreciate you sharing the grub.conf content. As a note for others, from grub I was able to manually boot with the three lines from the default 'Cisco IPS' section:
  root (hd0,0)
  kernel /vmlinuz-2.4.30-IDS-smp-bigphys ro ramdisk_size=76800 rootrw=/dev/sda2 root=/dev/ram0 init=loadrc nousb console=ttyS0 htlblow=32 hugepages=176
  initrd (hd0,0)/runtime.gz
  As it turns out the 6.0(3)E1 service pack wiped the content of grub.conf file which is mounted as read only from /dev/boot as /boot. To restore the content of grub.conf as root user (after logging in with support account and doing "su -") remount the filesystem as read write with the following command:
  mount -o remount,rw /dev/boot
  After restoring grub.conf the appliance can be reloaded normally without manual intervention. Fortunately, it appears the patch broke early enough in the process that nothing else other than grub.conf, as far as I can tell, was affected. The appliance is reporting the prior 6.0(2)E1 version.
  I just got off the phone with our reseller support and they and Cisco finally admitted that it's a known issue classified as unreleased bug after saying that IDS-4235 is not supported with 6.0(3)E1 service pack then saying a reimage is needed to fix the grub issue.

• Upgrading IDSM2 and IDS 4235

  I have 12 IDSM2 and 4 IDS 4235 managed through VMS, I configured automatic download of signature updates but I notice that S189 was missed.
  Is it possible to apply the last Service Pack 4.1.5 from VMS? If yes do I simply have to download the file in the correct directory and apply it as a normal signature update or what method shall I use? I need to manage the update process centrally because my IDS systems are all remote.
  Thanks for your help,
  Chiara

  I tried. There is no way to do it. VMS returns a bad file type and effectively the service pack is .rpm.pkg while files managed during updates by VMS are .zip containing .rpm.pkg and other files.
  I manually did the update on every IDS by ftp and command line and where the update succeeded I had to re-import the sensor on VMS, otherwise the version was not aligned.
  Is this the power of a central management platform?

• Cisco declares the IDS-4235 and IDS-4250 EOS/EOL

  Just in case this isn't general knowledge, here are the official announcements WRT Cisco ending the sale of the afore mentioned IDS appliances, in order to make way for the new IPS appliances (The IPS-4240 and IPS-4255 respectively).
  IDS-4235:
  http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_eol_notice0900aecd801d74d2.html
  IDS-4250:
  http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_eol_notice0900aecd801d74d8.html
  Those who are curious about the new products can check them out here...
  IPS-4240:
  http://www.cisco.com/en/US/products/ps5768/index.html
  IPS-4255:
  http://www.cisco.com/en/US/products/ps5769/index.html
  Hope this info proves useful to someone other than myself,
  Alex Arndt

  I can state categorically that the signature updates for these platforms will continue as will software upgrades for some time in the future. They both will support 5.0 and I have not yet started a phase out of signature updates for these platforms. I can not state how long they will be supported, but would feel safe in saying that they will be supported with signature updates for at least the next year and possibly as long as 2 years.
  As an example we EOS the 4230 over 2 years ago and still update signatures on it. 5.0 is the first SW upgrade to not support the 4230 platform.

• Where is Bios_A04.exe for IDS-4235?

  Hello All,
  I just bought an old IDS-4235 and I need to upgrade its bios to a04. According to Cisco documentation, the BIOS_A04.exe should be in the recovery/upgrade CD. I have a CCO account, I downloaded various versions of upgrade/recovery images to look for this file but could not locate it? And by the way, how do I open files with pkg extension in Windows? Appreciate any help!

  Since emailing executables is problematic, I'll attempt to post them here.
  - Bob

• IDS 4235 showing 98% memory usage, is it normal?

  IDS 4235 with 4.1.5.S191 showing
  Using 908922880 out of 921522176 bytes of available memory (98% usage)
  Is it normal ?

  There is a 4.x known bug where the memory usage is incorrect.
  The actual memory usage number can be determined from the service account by entering the following command:
  bash-2.05a$ free
  total used free shared buffers cached
  Mem: 1934076 1424896 509180 0 18284 1214536
  -/+ buffers/cache: 192076 1742000
  Swap: 522072 0 522072
  The "Mem:" row, "used" column is the amount of memory (in kilobytes) that
  the "show version" command reports. However, this total includes the
  "cached" amount.
  So in the above example, the actual memory used is ( 1424896 - 1214536 ), or
  210360 KB. This is ( 210360 / 1934076 * 100 ), or 10.9% of total memory.

• Problem with ids 4235 and IDS MC 1.2

  Hi
  When I initial setup ids 4235 and installed IDS MC 1.2 completed.I want import the sensor into IDS MC,when I add sensor by select device>sensor and fill the blank request and select next,my browser stoped.
  When you open control panel>service:tomcat.exe service stopped.
  many thanks for help

  Please make sure you have all the patches installed. Can anyone figure out other reasons for this?

• Ids 4235 with single sensing interface

  hi guys,
  I have an IDS 4235 which i upgraded to 6.0(5)E3 version.
  it has only one sension interface,now how can i keep it in inline mode??
  any ideas please help.

  With a single interface you'll need to trunk two vlans to your sensor, an "inside" and and "outside" vlan (just like a firewall) and configure your sensor for in-line vlan paris
  http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/idm/dmInter.html#wp1029962

• IDS 4235 running IPS 5

  i'm using IDS 4235 running IPS 5.1(5) with 4 Fast Ethernet card.
  when running in inline mode with default signature configuration it slows down all internet activities (I connected to the internet via 2M SHDSL).
  i don't know what is wrong ....??

  It happens due to the presence of the following bugs,
  CSCsg70372 , CSCsg60356

• IDSM version on IDS 4235

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Times New Roman";
  mso-ansi-language:#0400;
  mso-fareast-language:#0400;
  mso-bidi-language:#0400;}
  Hello to all 
  I did not deal with IDS in the past, nut I do now 
  The model in discussion is 4235.
  I need to reset one to factory default or at least reset the password        which probably means re-imaging.
  Done some reading about the issue and cannot seem to determine the correct,
  The detail I need to retrieve is how to find out the IDSM version ?
  Please remember that the system boots into a user/pass right after GRUB.
  Thank you for your help,
  Guy

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Times New Roman";
  mso-ansi-language:#0400;
  mso-fareast-language:#0400;
  mso-bidi-language:#0400;}
  Hi Bob,
  thank you for your reply.
  at this point, the system boots up to a user/pass, I dont have the CDRom drive,
  is there a way for me to run a pass recovery utility, or anything at all to do with the system ? ( I’m being a little extreme)
  I could run a sniffer and obtain the IP address , but I'm pretty sure that it will be a dead end as well...
  thank you for your time,
  Guy

• IDS 4235 FTP is not working, getting error

  I purchased a user cisco 4235 and plan to upgrade it to 6.x. When I initially attempted to upgrate VIA FTP I got an error because I cannot upgrade from 4.x to 6.x. I attempted to upgrade it to 5.x and I received an error message stating "Unknown FTP error" from the console. I don't receive this message when I ssh into the box. I also get this error message whn I try to "copy current-config ftp://" so it not just a upgrade issue it seems to be a FTP issue. The FTP server I am using is Filezilla installed on a windown XP machine. The windows firewall is disabaled at the time of connection. Judging by the logs I can tell it connects to the FTP server and authenticates but does not transfer anything, it just times out.  I have attached the logs from filezilla and the running config form the IPS.

  Well, if there is a linux box in your network you can use the following command
  (config)# upgrade scp:// 
  User:  
  User:  
  User: abc 
  Server's IP Address: 1.1.1.1 
  Port[22]:  
  File name: filepath 
  Password:
  Or use HTTP protocol, if you have any webserver.
  Regards,
  Sawan Gupta

• IDS 4235 password recovery

  Hello,
  I have two documents for password recovery on the 4235. Can you advise which one to use? The first one listed below seems easier but I have a feeling I'm missing something. Thanks.
  http://www.cisco.com/en/US/docs/security/ips/6.0/release/notes/8827_02.html#wp1157210
  http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_password_recovery09186a0080094e83.shtml

  Are you able to access version 5.0, or have you lost your passwords?
  If you still have access to version 5.0, then there is no reason to do a re-image. Instead just "upgrade" to a more recent version like 5.1(7)E1, 6.0(4)E1, or 6.1(1)E1.
  Upgrade locations:
  IPS-K9-5.1-7-E1.pkg
  http://www.cisco.com/cgi-bin/tablebuild.pl/ips5
  IPS-K9-6.0-4a-E1.pkg
  IPS-K9-6.1-1-E1.pkg
  http://www.cisco.com/cgi-bin/tablebuild.pl/ips6
  Upgrade instructions:
  http://www.cisco.com/en/US/partner/docs/security/ips/6.1/configuration/guide/cli/cli_system_images.html#wp1088688
  If you have lost your passwords, then you will need to re-image, but I would not bother with version 4.1 or even 5.0. They are both too old and not worth loading at this point.
  I would re-image directly to either version 5.1(7)E1 or 6.0(4)E1, or even 6.1(1)E1.
  For 5.1(7)E1 use this file:
  IPS-IDSM2-K9-sys-1.1-a-5.1-7-E1.bin.gz
  http://www.cisco.com/cgi-bin/tablebuild.pl/ips5-cat6500-idsm2-sys
  For 6.0(4)E1 use this file:
  IPS-IDSM2-K9-sys-1.1-a-6.0-4-E1.bin.gz
  http://www.cisco.com/cgi-bin/tablebuild.pl/ips6-cat6500-idsm2-sys
  For 6.1(1)E1 use this file:
  IPS-IDSM2-K9-sys-1.1-a-6.1-1-E1.bin.gz
  http://www.cisco.com/cgi-bin/tablebuild.pl/ips6-cat6500-idsm2-sys
  For installation instructions:
  http://www.cisco.com/en/US/partner/docs/security/ips/6.1/configuration/guide/cli/cli_system_images.html#wp1031426