IDSM-2 IPS (5.x) / Cat IOS questions

Is my understanding correct that a Catalyst 6500 running Cat IOS supports only Promiscuous mode and that Cat IOS does not support IDSM-2 (5.x) Inline mode?
Are there any plans to incorporate Inline Mode (5.x) under Cat IOS in the future, or am I missing something here?

An upcoming version of CatIOS code will definitely support inline mode.
The IPS 5.0 code, as you're aware, was the first version of IDS code to support inline mode. With the standalone sensors, running it inline requires a physical cabling change. With the IDSM-2 in particular though, you need to be able to configure the Cat-IOS code to push traffic through the device in inline mode.
Unfortunately getting new versions of CatIOS code out the door is not that easy, since there are about 10,000 other features (not just IPS) in the code that are also wanting to be updated, plus other new features, plus all the testing and re-testing that needs to go on before a release. Supporting inline IPS is just one of many major features scheduled for the switch software.
The Release Notes for IPS 5.0 code do say the following:
IDSM-2 only supports inline mode for Catalyst Software 8.4.4(1) with Supervisor Engine 1a, Supervisor Engine 2, Supervisor Engine 32, and Supervisor Engine 720. Inline support for Cisco IOS will be added at a later date.

Similar Messages

  • Simple IOS questions: Debug, Release, Distribution

    IOS question:
    Can someone explain what the different build settings are, and also what certificates/code-signing is needed for each, and whether I can set the signing rules for Debug, Release and Distribution, and be able to build whatever I need without having to change them.
    #1
    I get debug, and distribution.  So what is release?
    #2
    What is the proper setting for the code-signing for each of Debug, Release, Distribution?
    (What I have done in the past is just set them all to the Team provisioning when building for local users, and the Distribution provisioning when I need to do a distribution.  It seems to me that I ought to be able to set the proper provisioning certificates for all 3 settings and never have to change them because it should use the correct one for each type of build, right?)  So, how to answer #2?
    Thanks!

    Thanks KT, as usual you're full of good links to information.
    Still reading through things, skimming the parts I know and reading about features I've never used.
    It's a Duh moment for Release vs. Debug.... just stripping symbols, oh yeah.
    However, still no clear answer about #2.... should I be able to set the provisioning certs once, and never have to touch them again?  Especially now, with the Archive pane in the Organizer window, and using the Archive pane to submit for distribution, it asks about code signing again.  It's not clear to me why I'm selecting these things in 3 separate places.  So, I'd like to know if setting it once, such as below, works well or do I need to change them for each build?
    Or can I just use the Share (for local builds) and Submit (for Distribution) once this is all set Once and for all?

  • Idsm 2- IPS Deployment

    I would like to configure an IDSM-2 in inline mode. I am having trouble with the deployment and have a couple of questions:
    1. If you configure 2 VLANs (existing) as VLAN pairs, does this mean the existing connection between the 2 VLANs is broken?
    ie they can only communicate to each other via IPS.
    2. Where is the best place to deploy this type of IPS?

    Hello
    1. If configured properly, it will definitely not break any connectivity (it's a bump in the wire). Of course if some traffic is denied by any IPS signature itself, that is a different matter. Please see this example for more help:
    http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_configuration_example09186a0080876d9f.shtml
    2. Inline mode is deployed where you want proactive protection and the IPS box you have has sufficient throughput and other resources that will allow it to monitor that segment of your network (or multiple segments for that matter).
    Regards
    Farrukh

  • IDSM on catalyst 6500 to provide IOS Inline mode support

    I am currently evaluating what kind of method to apply in my 6500. I would like to ask if IOS Version 12.2(33)SXI2a supports inline mode and inline VLAN pair mode with IDSM-2? What configuration should be done with the switch in order for the multiple VLAN traffic to flow with an inline interface of the IDSM-2? In my case I have 16 user VLANs and 1 server VLAN on the Catalyst 6500. The task is to protect the servers from users. The requirement is to configure inline mode to monitor the traffic from these 16 VLANs when they access the servers. But as we know the IDSM-2 has only two logical sensing ports. So my question is how will you configure the switch to forward the traffic from these 16 VLANs to the IDSM-2 module via only ONE sensing port, since the other sensing port will be configured in the server VLAN? Because as far as I know, when you configure inline mode on IOS, you will have to configure the sensing ports in access mode (while in CatOS, you configure these as TRUNK ports). But this will work when you have only two VLANs. But in my case, I have 16 VLANs to monitor in inline mode. Please suggest any solution.
    Any urgent reply will be much grateful...
    Many Thanks in advance

    Hi Mubin,
       If you're looking to monitor all the traffic from the user VLANs to the server VLANs then the simplest way to configure the IDSM-2 would be inline on the server VLAN segment.  All traffic destined to the servers (from the users or anywhere else) has to traverse that VLAN.  Assuming you have something like this to start:
    VLAN 100-120 (users) ====== Switch ------ VLAN 200 (servers)
    you'd drop the IDSM-2 inline on VLAN 200 by using a helper VLAN:
    VLAN 100-120 (users) ====== Switch ----- VLAN 201 (server gateway) ----- IDSM-2 (bridging 201 to 200) ----- VLAN 200 (servers)
    To do this you'll need to perform the following steps:
    1.  Designate a new VLAN to use as a helper VLAN for your current server VLAN.  I'll use 201 for this example and assume your current server VLAN is 200.
    Create the helper VLAN on the switch:
    switch# conf t
    switch(config)# vlan 201
    2.  Configure the IDSM-2 to bridge the helper VLAN and the server VLAN (200-201)
    sensor# conf t
    sensor(config)# service interface
    sensor(config-int)# physical-interfaces GigabitEthernet0/7
    sensor(config-int-phy)# admin-state enabled
    sensor(config-int-phy)# subinterface-type inline-vlan-pair
    sensor(config-int-phy-inl)# subinterface 1
    sensor(config-int-phy-inl-sub)# vlan1 200
    sensor(config-int-phy-inl-sub)# vlan2 201
    sensor(config-int-phy-inl-sub)# description Server-Helper pair
    sensor(config-int-phy-inl-sub)# exit
    sensor(config-int-phy-inl)# exit
    sensor(config-int-phy)# exit
    sensor(config-int)# exit
    Apply Changes:?[yes]:
    3.  Configure the switch to trunk the helper and server VLANs to the IDSM-2 module.  I assume the module is in slot 5 in the example.  Replace the 5 with the correct slot for your deployment:
    switch# conf t
    switch(config)# intrusion-detection module 5 data-port 1 trunk allowed-vlan 200,201
    switch(config)# intrusion-detection module 5 data-port 1 autostate include
    *Warning! This next step may cause an outage if everything is configured correctly.  You'll probably want to schedule a window to do this.*
    4.  Finally, force the traffic from the server VLAN through the IDSM-2 by moving the server VLAN gateway from VLAN 200 (where it is currently) to the helper VLAN you created.  To do this, remove the SVI from VLAN 200 and apply the same IP address to VLAN 201.  I assume the current server gateway is 192.168.1.1/24
    switch# conf t
    switch(config)#int vlan 200
    switch(config-int)#no ip addr
    switch(config-int)#int vlan 201
    switch(config-int)#ip addr 192.168.1.1 255.255.255.0
    switch(config-int)#exit
    switch(config)#exit
    switch# wr mem
    Now, when the servers try to contact 192.168.1.1 (their gateway) they'll have to be bridged through the IDSM-2 to reach VLAN 201 and in the process all traffic destined to them or sourced from them will be inspected.  Do not put any hosts or servers in the helper VLAN (201) or they will not be inspected.
    Best Regards,
    Justin
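
Added example (not part of the post above or of Cisco's documentation): a Python check that audits a switch running-config against the helper-VLAN design the post describes, flagging the conditions that would let server traffic skip the sensor. The function names and the sample config are constructed for illustration; module 5, data-port 1, VLANs 200/201 and 192.168.1.1 are the post's own example values.

```python
import re

def parse_vlan_list(spec):
    """Expand an IOS VLAN list such as '10,200-201' into a set of ints."""
    bounds = (p.strip().partition("-") for p in spec.split(","))
    return {v for lo, _, hi in bounds for v in range(int(lo), int(hi or lo) + 1)}

def interface_blocks(config):
    """Map each 'interface X' name to the indented sub-commands under it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' separators and global commands end a block
    return blocks

def audit_inline_pair(config, module, port, server_vlan, helper_vlan):
    """Return a list of findings; an empty list means the design holds."""
    findings = []
    m = re.search(rf"^intrusion-detection module {module} data-port {port} "
                  r"trunk allowed-vlan (\S+)", config, re.M)
    allowed = parse_vlan_list(m.group(1)) if m else set()
    for vlan in (server_vlan, helper_vlan):
        if vlan not in allowed:
            findings.append(f"VLAN {vlan} not trunked to data-port {port}")
    blocks = interface_blocks(config)
    has_ip = lambda v: any(c.startswith("ip address ") for c in blocks.get(f"Vlan{v}", []))
    if has_ip(server_vlan):
        findings.append(f"Vlan{server_vlan} still has an IP: servers reach the gateway without crossing the sensor")
    if not has_ip(helper_vlan):
        findings.append(f"Vlan{helper_vlan} has no gateway IP")
    for name, cmds in blocks.items():
        if f"switchport access vlan {helper_vlan}" in cmds:
            findings.append(f"{name} is a host port in helper VLAN {helper_vlan} (uninspected)")
    return findings

# Constructed sample running-config fragments, using the post's example values.
GOOD = """\
intrusion-detection module 5 data-port 1 trunk allowed-vlan 200,201
interface Vlan200
 no ip address
interface Vlan201
 ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet1/1
 switchport access vlan 200
"""
BAD = GOOD.replace("200,201", "200").replace("access vlan 200", "access vlan 201")

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_inline_pair(cfg, 5, 1, 200, 201))
```

Run it against a saved copy of `show running-config` after the gateway move in step 4; it does not check the sensor side, where the inline VLAN pair still has to be configured as in step 2.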

  • IPod touch 2nd Generation Sync and iOS question?

    So...my iTunes 9.2.1 told me iOS 4.2 is available, when I click update I get the iTunes 9.2.1 is the current version error. Okay, I spoke with an iTunes rep about this and he says update to iTunes 10.1. Well, I have a Windows XP, my mom's computer, which I updated to 10.1. My question is: if I install iOS 4.2.1 on my iPod touch 2G through iTunes 10.1 on the Windows, will I be able to still sync it with iTunes 9.2.1 after the iOS 4.2.1 is installed, so I may restore my backups and my apps etc. and even sync new music? When I asked the iTunes rep about it he said yes, after update the iPod should still sync with iTunes 9.2.1. Has anyone tried this as of yet? Any help is much much appreciated. Thank you~

    Awww....I see...So I MUST buy Leopard.....its all cool then.....if I did update on that PC I'd have to start from scratch right? since I cannot sync back to the Mac afterwards?

  • WISM 2 IOS Question

    Hi All.
    I have one upgrade question regarding WISM 2 and WS-6509
    Today my IOS is:
    System image file is "disk0:s72033-ipservicesk9-mz.122-33.SXH4.bin"
    Do I have to upgrade to 12.33 SXJ, or will 12.33 SXH4 work?
    Can anyone help clarify?
    Thx !

    Do I have to upgrade to 12.33 SXJ,
    You have to upgrade to SXJ if you want to use WiSM2.  If you don't upgrade to this particular level SXH4 IOS will consider the new module as "un-identified" and, as a precaution, will power down the module.

  • IDSM vs IPS 4200

    Hi all
    I'm trying to design a data center security solution. I have a 6509 E with sup 720 and FWSM. My concern now is whether to go for IDSM or a 4200 sensor. I know about the through put limitations of both products. Can you all highlight any other pros and cons ?
    thanks

    I would recommend going for the appliances. It gets pretty difficult to troubleshoot the network with FWSM and IDSM in the same chassis. Etherchannels, STP, MAC-Learning.......you have to look at all that to see what exactly is happening in the network and the path taken by a particular packet. Since you have a 6500, you can load balance multiple IPS sensors using ECLB.
    Also the appliances are modular, you can add interfaces etc.
    Another downside is most network monitoring/management software does not support the IDSM properly; this includes Cisco's LMS and BMC Visualis/Dashboard. You will find the IDSM as a 'disconnected' device on both the Ciscoworks Campus Manager and BMC Visualis (on the network diagrams).
    Regards
    Farrukh

  • Director 12 and iOS question

    We have a series of about 50-100 Director projects that our science teachers love, but due to intellectual property/ownership of code/providing technical support issues, we have no desire to publish these apps to the iOS App Store. Is it possible to develop these as iOS binaries, use an internal provisioning profile with the Apple Enterprise Developer Program and install these only to devices controlled by the school district? While I love our stuff and would love nothing more to share it, we have no desire to deal with intellectual property issues or providing email tech support for these apps beyond our installed base.

    Last time we did something like that....it is possible. However, the provisioning is limited to a certain amount of devices (50?). Also, the provisioning expires after time (6 months maybe?).
    Take a look into the Apple App Enterprise Development stuff if you want to do it the official way.

  • Numbers iOS Question RE: Locking Tables & Charts

    I've created a number of tables and charts on the iPad to be used for an anesthesia record template.  How do I lock the tables and charts so that they don't inadvertently get moved or disturbed?

    iOS version doesn't have the lock ability.
    Jason

  • Phone GAP Build setting iOS question

    I cloud CCT user.
    Dreamweaver > Site > PhoneGap build site logged into the build.
    Check only iOS is the key, and nothing.
    Is this normal?

    You will need a Key to create a build for iOS. This article will provide you with the information for submitting your mobile app to the App store.
    http://www.adobe.com/devnet/dreamweaver/articles/phonegap-mobile-app-pt7.html#articlecontentAdobe_numberedheader

  • IOS questions

    It seems each time I do an IOS upgrade on a router or switch I'm trying to repurpose, I forgot all I learned the last time.
    I've read a lot today about the differences and the eight IOS "packages."
    The choices I have are: Advanced Enterprise Services and Advanced IP Services.  My current same-routers in production are using IP Services.  Is there any good reason to go to Enterprise Services?
    Also, I want to just use the old working config and make minor changes.  My last version was 12.3, and this will be 15.1.4.  Are there any gotchas on the configs that will change between versions that far apart?

    In some platforms I've seen features disappear from a feature set when upgrading. Not often, but it has happened and so means a change of feature set e.g., from IP Services to Advanced IP Services.
    Unless you run into that situation, I'd agree completely with Leo. Don't change feature set unless you need. There are several implications of doing so:
    - licencing cost of more advanced feature sets is higher, and why pay for features you don't use ?
    - the more advanced the image, the more memory (both flash and DRAM) so you may also end up needing hardware upgrades
    Regards
    Sent from Cisco Technical Support Android App

  • IPS ver 5.x licensing questions

    I work for a reseller/MSS. Most of our customers are still running ver 4.1(5). One of our new customers has an NM-CIDS with IPS ver 5.0(2) already loaded. In the past we've just downgraded the version. What are the differences in licensing/registration for version 5 versus version 4? I'd like to keep this customer on version 5, and start migrating other customers in that direction. I'm just not real versed on the subscription, licensing, or registration issues for support and sig updates. Can anyone provide me some information or a good link to read about it?

    4.1 doesn't require any licensing. If you can get Sig update file from somewhere you can put it onto the sensor without any licenses. 5.0 currently behaves the same way. Look at this link for further details:
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Expert%20Archive&topic=Security&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dda563b/26#selected_message

  • HT5457 iTouch generation and iOs question

    I am trying to download some new apps. I am getting messages that they are incompatible with my iTouch. I am wondering if I have an old generation and operating system.  My settings say version 4.2.1.  Is that a second generation and can I upgrade my Os to 4.3?  Thanks!

    The iOS version itself doesn't say what model it is; the second generation iPod touch can't be updated past 4.2.1.
    (75488)

  • IOS Question re Apps and iphone3

    I've just been given an unused iPhone 3G but all the apps I want say I need iOS 4.3. Does that mean they are only for iPhone 4? If so, how do I search for just iPhone 3 compatible apps? iTunes is up to date. I have some of these apps on an iPad 1 as well (such as Temple Run) but can't download a version for the iPhone.

    Your problem is that iOS 4.2.1 is the end of the line for an iPhone 3G...there are no further updates. Thus, any app that requires iOS 4.3 will not install/work on your phone. Every app in the app store lists the minimum requirements. You'll just have to look for apps that will run on an iPhone 3G.

  • A general IOS question(7and up)

    Hey guys, I have a question... when I enable these settings: reduce transparency and darken colors and the third, will they also affect in apps? And I won't get the full metal graphics? (I'm on Air 1) Thanks

    I wouldn't bother changing any of the settings. First screenshot is normal, second is darken image, I see no difference.
