IOS IPS and VMS and shunning

Installed 12.3.14T2 (advanced security) on 2811 router with new VMS update to the IDS Management Center (2.1) to support IOS IPS SDEE event monitoring. When I configure a specific signature, there is no option to shun. Only alert, block or reset. Where do you configure the dynamic shunning or "local shun action" that seems to be in all the "new features" of the IOS IPS?
Configuring the signature to block, alert or reset works fine. Just no options to shun. Also the IPS device does not show up in the device list under Monitoring on VMS, even though it shows up as a device in Monitoring Center Device Page.
Maybe this is where the problem may lie.

IOS versions before 12.3(14)T support the following actions for IOS IPS:
- alarm
- drop (drop just the offending packet)
- reset (reset tcp connection - works for tcp only)
Version 12.3(14)T and later (including 12.4 versions) added support for the "local shunning" through two different actions:
- denyFlowInline
- denyAttackerInline
DenyFlowInline creates an ACL that drops all traffic on that connection for a certain idle-timeout.
DenyAttackerInline creates an ACL that drops all traffic from that source address (including other connections from that source address) for a certain idle-timeout.
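
The difference in scope between the two actions, as an added example that is not part of the original thread and is not IOS code. It is a Python model; the dictionary-based deny table, the function names and the rule that a matching packet refreshes the idle timer are assumptions made for illustration.

```python
# Added illustration, not Cisco IOS code. Assumptions: the deny entries are
# modelled as two dictionaries, and a packet that matches an entry refreshes
# that entry's idle timer.
from dataclasses import dataclass
from typing import Dict, List, Tuple

Flow = Tuple[str, int, str, int]  # src ip, src port, dst ip, dst port


@dataclass(frozen=True)
class Packet:
    ts: float  # seconds since start of capture
    src: str
    sport: int
    dst: str
    dport: int

    @property
    def flow(self) -> Flow:
        return (self.src, self.sport, self.dst, self.dport)


class ShunTable:
    def __init__(self, idle_timeout: float) -> None:
        self.idle_timeout = idle_timeout
        self.flows: Dict[Flow, float] = {}     # denyFlowInline entries
        self.attackers: Dict[str, float] = {}  # denyAttackerInline entries

    def install(self, action: str, pkt: Packet) -> None:
        if action == "denyFlowInline":
            self.flows[pkt.flow] = pkt.ts      # this connection only
        elif action == "denyAttackerInline":
            self.attackers[pkt.src] = pkt.ts   # everything from this source
        else:
            raise ValueError(f"unknown action: {action}")

    def _matches(self, table: dict, key, now: float) -> bool:
        last_hit = table.get(key)
        if last_hit is None:
            return False
        if now - last_hit > self.idle_timeout:  # idle too long: entry expires
            del table[key]
            return False
        table[key] = now                        # matching traffic keeps it alive
        return True

    def verdict(self, pkt: Packet) -> str:
        hit_src = self._matches(self.attackers, pkt.src, pkt.ts)
        hit_flow = self._matches(self.flows, pkt.flow, pkt.ts)
        return "drop" if (hit_src or hit_flow) else "forward"


def replay(action, packets, trigger_index, idle_timeout=30.0) -> List[str]:
    """Fire the signature on packets[trigger_index]; return a verdict per packet."""
    table = ShunTable(idle_timeout)
    out = []
    for i, pkt in enumerate(packets):
        if i == trigger_index:
            table.install(action, pkt)
        out.append(table.verdict(pkt))
    return out


# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet(0, "192.0.2.10", 40000, "203.0.113.5", 80),    # triggers the signature
    Packet(2, "192.0.2.10", 40001, "203.0.113.5", 443),   # same source, other connection
    Packet(3, "198.51.100.7", 50000, "203.0.113.5", 80),  # unrelated source
    Packet(25, "192.0.2.10", 40000, "203.0.113.5", 80),   # shunned flow retries
    Packet(50, "192.0.2.10", 40000, "203.0.113.5", 80),   # 25 s idle, 50 s after install
    Packet(90, "192.0.2.10", 40000, "203.0.113.5", 80),   # 40 s idle
]

if __name__ == "__main__":
    for action in ("denyFlowInline", "denyAttackerInline"):
        print(action, replay(action, SAMPLE, trigger_index=0))
```

In the sample, the second connection from the same source (t=2) is forwarded under denyFlowInline and dropped under denyAttackerInline, which is the collateral effect to weigh when the source is a shared or NATed address.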

Similar Messages

  • IOS IPS ver 5 and high memory usage

    Hi,
    Is anyone else having high memory issues when using ver 5? I have installed on a 1801 with 128 M memory. It only has 4 M free now. Is there a way to reduce the active signatures? I have disabled some but the number of active is still at 338.
    Thanks,
    Scott

    This issue usually occurs because of a memory leak. However it cannot be said that it is due to the IPS service running which is causing this problem. Following links may help you
    http://www.cisco.com/en/US/products/ps6634/prod_white_papers_list.html
    http://www.cisco.com/en/US/products/ps6634/products_white_paper0900aecd8057558a.shtml

  • No S284 or S285 sigs for the IOS IPS?

    Cisco released S284 and S285 this week, but for IOS IPS in Mainline and T-Train Releases prior to 12.4(11)T, there are no updates on CCO. Has signature update support for prior to 12.4(11)T stopped? Did I miss an End of Life notice? If not, how long DO I have to get on the new 12.4(11)T and later train?
    See for yourself (link taken from the Cisco IPS Active Update Email):
    http://www.cisco.com/cgi-bin/tablebuild.pl/ios-sigup

    For some reason, I cannot access above link, so the problem may have been fixed already. This was related to a scripting issue, we are and will continue to support signature updates for Mainline and T-Train Releases prior to 12.4(11)T releases till June 2008.
    kemal

  • IOS IPS and SDM 2.2.a

    Hello everybody!,
    I have installed a Cisco 2821 Router with 12.4(4)T IOS version. And SDM V2.2.a. (enterprise service IOS image).
    The router has 256MB Ram and 64MB flash memory.
    From the SDM Interface cannot upload any .sdf file and cannot edit the signatures and tune the IOS IPS.
    Do you know how I can fix that problem?
    Thanks for the answers friends.

    Hi,
    To add more info, here is the info on defect filed on SDM for RCP issue and workaround suggested.
    Symptoms:
    Issue 1) Installation of SDM version 2.2a or earlier on a router fails with RCP failure message.
    Issue 2) "Load File from PC" feature of File Management dialog in SDM version 2.2a or earlier fails.
    Conditions:
    These issues will be encountered for IOS images 12.4(4)T and above.
    SDM uses RCP for installation operations. This problem occurs because the fix for CSCdu34824 in recent Cisco IOS releases has changed RCP behavior. Because of this change, if the RCP client uses a non-privileged port, the router RCP server does not respond and the above issues occur.
    Workaround:
    1) For Issue 1 :- Use the copy tftp flash command to copy SDM related files from PC to router.
    2) For Issue 2 :- Use the copy tftp flash command to copy the required file from PC to router.

  • IOS IPS for blocking IM and P2P

    Any recommendations on the best way to use IOS IPS to stop P2P and IM?
    I set up a 3845 with 12.3(14)T1 to do this by importing signatures from the latest SDF using SDM. I used the attack-drop, and all IM and P2P signatures I could find. I changed them all to drop and reset. I then applied it to the inside interface of a 3845. I also set up nbar with a drop policy for all P2P traffic.
    The configuration caused very slow web response time for users, including blocked pages. Removing the IPS filter made everything work properly again. The router also stopped rebooting periodically.
    Is there a recommended way to set this up that does not cause slow performance and reboots?

    OK, went back and loaded some upgraded software. Now using 12.4.1 Advanced security IOS on the 3845, and SDM 211. The new 256MB.sdf signature file has all the IM and P2P signatures in it already!
    After applying the IPS inbound on the serial interface, I changed the UDP signatures action to drop and the TCP to drop/reset.
    Everything appears to be working beautifully. Yahoo and MSN messenger get dropped, as well as the peer to peer requests. I am unable to download Bittorrent. Web access is fast, and there is no hesitation by the router in configuring the IPS.
    This appears to be a great solution so far.

  • IOS IPS and Multicast

    Can a router using the IOS IPS also be enabled for multicast? Are there any limitations when doing this?
    Thanks,

    Yes, you can still use multicast. But IOS IPS does not scan multicast traffic.
    Thanks,
    -Chris

  • 2811 IOS IPS VMS Configuration

    I have several already deployed 2811 that I'd like to turn on the IPS feature. IOS firewall is already running. We also have just deployed VMS. Is there any order that need to be followed to get these into VMS? Should I import them into Router MC or IDS MC first? IDS MC documentation isn't clear to me setting up IOS IPS.
    thanks in advance

    No particular order (that I am aware of).
    As far as Security Monitor to monitor IDS Alerts, I chose the hard way and just manually added each of our devices, tedious but all is working.
    As far as Performance Monitor, I imported from RME.
    The bulk of our routers run 12.3(11)T and 12.3(11)T2.
    We have a ton of 831's and I chose for them to send alerts via PostOffice rather than waiting for collections via SDEE because the memory in the 831's (48MB) are already just about maxed out (Regularly over 80%) just running the daily needed applications (VPN and CBAC). We have some 1700s and 2600s out in the field too that are not as taxed.
    If you choose the PostOffice route (or test it out) then here are the commands and steps you need:
    First add the device in Security Monitor to use PostOffice,
    then from the router console, ssh, etc.:
    ip ips notify nr-director
    ip ips po max-events 100
    ip ips po remote hostid [VMS Host ID#] orgid [ORG #] rmtaddress [VMS IP Address] localaddress [Router IP Address] port 45000
    ip ips po local hostid [Router Host ID#] orgid [Org ID#]
    exit
    write mem
    reload
    Once you reload it will send an initial packet to VMS and the router will register as 'Connected' in Sec Monitor.
    You should make sure that the 'ip ips po' commands are accepted in your IOS version.
    I don't know what your memory consumption is like in your 2800 Router but the config for SDEE Event Collection is much less involved. If your router has resources to spare this is the way to go.

  • Router NME IPS - use promiscuous and inline mode simultaneous

    Hi all,
    we are using the IPS module NME-IPS-K9 on a Cisco 2951 router. We like to use the IPS in promiscuous and inline mode simultaneous. For example traffic from a client to a server should pass through the IPS. But the IPS should only receive a copy of the VoIP traffic.
    In the interface configuration mode the following command is set.
         ids-service-module monitoring promiscuous access-list 101
    If I try to set an interface to inline mode I get the following message:
         "Only either Inline or Promiscuous
         monitoring is supported on the router at one time.
         Please remove Promiscuous monitoring on all interfaces
         before configuring Inline monitoring. Only either Inline or Promiscuous
         monitoring is supported on the router at one time.
         Please remove Promiscuous monitoring on all interfaces
         before configuring Inline monitoring."
    Is there any way to use promiscuous and inline monitoring at the same time? Is there a firmware update available which includes this feature? Any other ideas?
    IOS version of the router: 15.0(1)M4
    IPS version:  7.0(2)E4
    Kind Regards

    In promiscuous mode your sensor doesn't affect the traffic but it only listens to and analyzes it.
    In inline mode you direct all your traffic on this network segment you want to protect to IPS and it analyzes it and blocks some actions according to your settings.
    It is the main difference. Which mode to prefer must be your decision.

  • VMS and CSM migration for free or reduced cost (act now) expires 4/2/07

    I can't find the posting where there was a heated discussion regarding VMS and Cisco forcing users to BUY Cisco Security Manager (CSM).
    I looked around and found a link to a trade-in program where users can get a free upgrade to CSM. Please post questions to this mail and I will answer. I am just a concerned Cisco Systems Engineer and not a marketing guy so bear with me as we find the answers together.
    I am going to copy and paste the info and links.
    ---Copy paste----
    http://www.cisco.com/en/US/products/ps6498/prod_bulletin0900aecd803ffd79.html
    Migration Options from CiscoWorks VPN/Security Management Solution
    Cisco is not adding support for new features and new devices in CiscoWorks VPN/Security Management Solution (CiscoWorks VMS) after the release of Cisco Security Manager. Furthermore, support for devices such as Cisco ASA 5500 Series Adaptive Security Appliances is only available with Cisco Security Manager. Customers that require provisioning for Cisco firewalls, VPNs, and IPSs will want to plan their migration to take advantage of significant enhancements in the new software.
    Customers with a current Cisco Software Application Support (SAS) service or Software Application Support plus Upgrades (SASU) service for CiscoWorks VMS are entitled to a defined device license for Cisco Security Manager at no additional charge. The value of the new license is higher than the cost of the original CiscoWorks VMS purchase. Customers with a current CiscoWorks VMS Basic license that have a Cisco SMARTnet® contract, or a Cisco Services for IPS contract with selected IPS hardware, can also upgrade to Cisco Security Manager. See Tables 2 to 4 for the upgrade licenses that can be requested at no additional cost from http://www.cisco.com/upgrade. The appropriate upgrade option will be visible on the Website if you have an eligible service contract with an existing CiscoWorks VMS license.
    Note: All no charge and discounted offers to upgrade from CiscoWorks VMS to Cisco Security Manager will be discontinued after April 2, 2007.
    Regards,
    Ray Aragon

    Ray,
    I think the posting that you are referring to is here:
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddd2017
    Some very interesting points were raised but the main issue is about functionality rather than cost. Basically, CSM does not fully replicate the functionality of VMS (see the thread) and this is the main issue for a lot of folks.
    What might be useful is for Cisco to ask the question "what functionality would you like to see in CSM?" - and publish the answers somewhere, to allow folks to vote on the proposed features and/or add new requests. Just an idea.
    Andrew.

  • IPhone 5 iOS 6.1.4 and Windows 7 x64 USB Driver Issues

    Been pulling my hair out with this one for the last week or so and haven't had any luck finding anything on the forums or the web regarding a solution short of a full reinstall of Windows 7 which I am not prepared to do at this time; so hoping someone here can shine some light on this for me
    I have an iPhone 5 that is updated to iOS 6.1.4 and a recently built Windows 7 64-bit machine. All of my other USB devices function fine (keyboard, mouse, Xbox 360 wireless receiver for Windows, and a Seagate 2TB external USB drive). I've downloaded the most recent version of iTunes, installed successfully and then attempt to plug in my phone to sync. I get the standard Windows *ding* that I've attached a device and 1 of 2 things happens (I haven't been able to determine what causes one reaction to happen versus the other): Windows will successfully install the 'Apple USB Mobile Device Driver' successfully and it will appear under my USB devices in Device Manager. However - iTunes will not recognize the phone and I cannot see it in Windows either. In the 'Devices and Printers' snap-in my iPhone will appear under 'Unspecified Devices' as the 'Apple USB Mobile Device'. The iTunes diagnostics fail to find a connected device so the tests fail. As soon as I unplug the device, the strangest thing happens: Windows will start trying to install a device driver and after a few seconds it will fail stating that the "MTP Device Driver" installation failed because the device was unplugged. iTunes also throws an error "iTunes cannot connect to this iPhone" throwing error code 0XE8000065 (I've also seen error code 0XE8000085 as well)
    After some finagling, I've managed to get Windows to recognize the device under 'Portable Devices' in Device Manager as an "MTP USB Device" using the generic driver. At this point, I've tried updating the driver and manually specifying the Apple USB driver located in the C:\Program Files(x86)\Common Files\Apple\Mobile Device Drivers which updates successfully but then changes the device to "Apple USB Mobile Device" and moves it under the USB Devices in Device Manager; and Windows nor iTunes can see it even still.
    I've tried removing iTunes several times and ensuring that all remnants of the installation are gone (registry and folders on the installation drive) and have disconnected all my USB devices short of the keyboard and mouse and still I get the same results. At this point, I'm afraid that a re-install of Windows is going to be the solution; but it's a drastic one (I have a SSD drive where Windows is installed along with all of my games for faster load times/better performance and do not want to have to redownload\reinstall all of them) and I'm not prepared to undertake it at this time, which is why I'm posting here
    I've used a utility called USBDeview that sees my phone is connected - so I know from a functional standpoint that my USB ports are good and working. I also know the cable is good too - my daughter's PC (Windows 7 32-bit with NO iTunes) immediately sees the device when I plug it in, installs the drivers, recognizes it as an iPhone and I can then see/browse it in Windows Explorer like I would normally expect. My work PC (Windows 7 64bit, NO iTunes) sees the device just fine as well. I would immensely appreciate anyone that has seen this issue or has any additional solutions I can try.
    It's also worth mentioning that I've never used Kaspersky antivirus so the UPPERFILTERS value in the registry that I've seen as a solution on some forums is not present on my machine. I'm using Microsoft Security Essentials as my antivirus (no flaming please lol - it meets my needs and is extremely lightweight, which is why I'm using it on a gaming rig) and it's not indicating any issues. I've also tried running iTunes as an administrator (even though my account is a local admin on the machine) and that does not have any effect either.
    If there is anything I left out, please let me know; and I thank you in advance!

    AphexTwin wrote:
    - no Apple input?
    Of course not.  Didn't you bother to read the TOU of this forum?  This is a USER TO USER technical support forum.  Apple doesn't post here.

  • I recently downloaded iOS 6.1.3 and I can no longer put any music on my iPod

    I tried to synchronize my iPod with iTunes, and a box popped up telling me it couldn't sync and that I had to restore. So I restored my iPod, and another box came up and said that a new update was available and asked (it didn't really give me a choice, actually) if I wanted to restore and update and gave me two options, "restore and update" or "cancel" so I chose the former. When my iPod had finished updating and restoring, it wiped all my apps, songs, and videos, and no matter how many times I sync it, I can't get anything back on. My content bar (the bar thingy with the colours that show the amount of space your songs, videos, etc are taking up) fills up like it should, and then I sync my iPod. The process is as it usually is, but as soon as it finishes, my content bar drops down to nothing. I can't get any of my music and videos back on my iPod, even though everything is still there in my iTunes library.

    I have the same problem with my ipod 4th gen 32gb! My music is all in the library but I cannot get it to go onto my ipod!! Ever since the latest iOS 6.1.3 update! I have restored my ipod, backed it up, done absolutely everything!! Nothing works! Please help!

  • HT1386 I have a brand new ipad with iOS 6.1.3 and an imac with OS 10.5.8. I cannot update my OS on this machine, but want to sync the new ipad. What can I do?

    I have a brand new ipad with iOS 6.1.3 and an imac with OS 10.5.8. I cannot update my OS on this machine, but want to sync the new ipad. What can I do?

    If it's an Intel Mac, you can upgrade it to Mac OS X 10.6.8.
    If it's a PowerPC Mac, you need to use these instructions and/or iTunes Match to put content on the iPad.

  • On my iPad I have installed the update ios 7.0.4 and now I can't send emails from the mail app is it just me or a problem with the update?

    On my iPad I have updated the software to iOS 7.0.4 and now I can't send any emails from the mail app.  Is this me or the update?

    iOS: Unable to send or receive email
    http://support.apple.com/kb/TS3899
    Can’t Send Emails on iPad – Troubleshooting Steps
    http://ipadhelp.com/ipad-help/ipad-cant-send-emails-troubleshooting-steps/
    Setting up and troubleshooting Mail
    http://www.apple.com/support/ipad/assistant/mail/
    Server does not allow relaying email error, fix
    http://appletoolbox.com/2012/01/server-does-not-allow-relaying-email-error-fix/
    Why Does My iPad Say "Cannot Connect to Server"?
    http://www.ehow.co.uk/info_8693415_ipad-say-cannot-connect-server.html
    iOS: 'Mailbox Locked', account is in use on another device, or prompt to re-enter POP3 password
    http://support.apple.com/kb/ts2621
    The iPad's Mail app has no provisions for creating groups. However, you can use a third party app that many users recommend.
    MailShot -  https://itunes.apple.com/us/app/mailshot-pro-group-email-done/id445996226?mt=8
    Group Email  -  https://itunes.apple.com/us/app/group-email!-mail-client-attachments/id380690305?mt=8
    iPad Mail
    http://www.apple.com/support/ipad/mail/
    Configuration problems with IMAP e-mail on iOS with a non-standard SSL port.
    http://colinrobbins.me/2013/02/09/configuration-problems-with-imap-e-mail-on-ios-with-a-non-standard-ssl-port/
    Try this first - Reset the iPad by holding down on the Sleep and Home buttons at the same time for about 10-15 seconds until the Apple Logo appears - ignore the red slider - let go of the buttons. (This is equivalent to rebooting your computer.)
    Or this - Delete the account in Mail and then set it up again. Settings->Mail, Contacts, Calendars -> Accounts   Tap on the Account, then on the red button that says Remove Account.
     Cheers, Tom

  • I have just purchased a lightning to 30 pin adaptor to use on an iPad mini and a gen5 iPod touch both devices are running iOS 8.1.3 and come up with The error message "this accessory is not supported by this device "

    I have just purchased a lightning to 30 pin adaptor to use on an iPad mini and a gen5 iPod touch both devices are running iOS 8.1.3 and come up with The error message "this accessory is not supported by this device "
    This means they are not charging on a 30 pin cable and the touch won't work in my Apple iPod dock - no audio out or charge. Have re powered both devices to no avail am wondering if the iOS version is the problem
    Help!

    If it is a lightning to 30 pin adaptor, and you have a 7th Generation Nano it has to fit the Nano.
    This is lightning to 30 pin adapter: http://www.bestbuy.com/site/Apple%26%23174%3B---Lightning-to-30-Pin-Adapter/6651936.p?id=1218803450821&skuId=6651936#tab=overview
    Is this what you bought?
    You need to contact Sony and see if the model you have is compatible with the docking adapter. It may not be.

  • HT4972 I have ipad 1 . And i want to update it from ios 4.3.5 to ios 7 but i can't why ?? Please help me because i can't download apps from app store !!!!!   I would suggest:  1 to create a big camera for i pads and ipods and iphones so we can put it in a

    I have ipad 1 . And i want to update it from ios 4.3.5 to ios 7 but i can't why ?? Please help me because i can't download apps from app store !!!!!
    I would suggest:
    1 to create a big camera for i pads and ipods and iphones so we can put it in another ipad or ipod or iphone and it has a zoom lens
    2 when i downloaded photos and music from a computer to my ipad , i can't delete them now please do the itunes like samsung because samsung have an easier way to download thing from computer
    I hope to help me with my problem and fix it please !!??
    And i hope to take my suggestions and make me happy because apple it is cooler from samsung
    Apple the best
    H.M

    The iPad 1 can't run the newer operating systems. It'd be like trying to play a bluray disc in your 6 year old dvd player....it simply lacks the hardware to make the software run.
    No suggestion about the camera, but given that Apple's attitude seems to be to focus more on the more mobile devices for photography (the iPhone and Touch cameras got features, the iPad and mini didn't), that is highly unlikely. You can tell Apple what you want, but you'd probably be money ahead to get a digital camera.
    As to the photos, anything put on via iTunes has to come off via iTunes. Your main alternative would be to look for photo apps that offer file exchange that may give you more functionality.
