IPS in datacenter

IPS 4270s connected to the distribution layer in the datacenter, each to a 6509; now the question is how redundancy/failover works in both inline and out-of-band usage.

Have a look at this:
http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&topicID=.ee6e1fc&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc11c11
http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&topicID=.ee6e1fc&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc106a7
Check out the pdf in the second link.
Regards
Farrukh

Similar Messages

  • Router Performance - Branch equipment in Datacenter Environment

    Hello,
    3 years ago I designed a new datacenter LAN & WAN network for a customer.
    He told me the final size and the expected growth for the next 2 years, and I made several suggestions.
    The smallest platform in my suggestion was the 3945E.
    But he told me to start with the smallest possible router platforms and WAN links.
    The idea behind this was to keep the initial budget low and to change routers and links as needed.
    So almost all routers except the VPN hubs are at the moment 1921/K9.
    Now, after 2 years of running the systems without problems, the customer would like to start a performance review for budgeting, due to the need to double the user load.
    Given the "small" router platform, I was expecting the need to change some or all of them, at least the Internet routers and the main routers.
    I checked CPU, memory and interfaces of all of them.
    But memory is OK and CPU usage is still below 50%. So this "small branch" equipment seems to work very well in this datacenter environment.
    The 1921 platform should only be able to handle up to 15 Mbit (with features enabled), but the routers deliver much more without problems.
    I know that it depends on the features used, like VPN, IPS, ACLs etc.
    Some of them are used for plain routing with small tables (up to 150 networks) and basic BGP functionality, others for Internet access at 100 Mbit (only 30 Mbit average / peak up to 50 Mbit used at present).
    So my question is now:
    Are there other indicators than CPU & memory usage that tell us that the routers may run out of power?
    Or are there some soft limits that may produce problems before the CPU & memory limits are reached?
    I don't see any packet drops or any other bad behavior.
    What are your recommendations?
    Thanks for the Reply!
    Tracer

    On most small Cisco routers, I would say CPU usage is the key indicator.  However, capacity isn't always linear.  50% current usage may not predict you can handle twice the bandwidth of the same kind of traffic.  (Also, as a general rule, you don't want to average above 75%.)
    The attachment might help you "shop" for a Cisco router to meet your future needs.

  • IPS 4270 with 6509 VSS in Promiscuous mode

    Dear all,
    I am trying to figure out how to configure 2x IPS 4270 in promiscuous mode with Cisco 6509 VSS:
    I have attached the LLD core datacenter design including the IPS physical placement in my network.
    The following points are my concerns in this design:
    Shall I connect each of the IPS 4270s into VSS Chassis A and B, or should I keep each IPS connected to a different chassis? (Considering the SPAN port configuration on VSS, and whether I could encounter an asymmetric routing issue or not.)
    Can I use EtherChannel in either case (keep in mind it's promiscuous mode)? That means the destination interface on the VSS will be an EtherChannel interface, but does the Cisco IPS 4270 support EtherChannel while in promiscuous mode?
    I really appreciate your input on this matter guys.
    Cheers
    Mohammed Khair

    Hi,
    1. You can connect each IPS into Chassis A and B; that is not a problem. But when configuring the RSPAN, the monitor from A to B and from B to A should monitor both VLANs (I mean RSPAN A to B and also vice versa in your config; then it will give both outputs even if the connectivity between one IPS and one chassis fails).
    2. The IPS supports EtherChannel while in promiscuous mode as well.

  • ASA5515X-IPS management 0/0 to LAN

    I've recently setup two ASA5515X in A/S each with IDS. When I had them in the lab I was able to access the IPS's via IME but now that it's at the datacenter it's not working (of course). I've got the IPS configured with an IP on our LAN and the ASA's Management0/0 interface configured as:
    interface Management0/0
    no nameif
    security-level 100
    no ip address
    management-only
    The Management0/0 interface is plugged into a switchport on our LAN VLAN. From the ASA it's seeing the IPS as Up and I've verified the IPS network settings. Any ideas? Did I forget something? TIA!

    When I run "show interfaces" I only get statistical information, nothing L2:
    Interface Statistics
       Total Packets Received = 0
       Total Bytes Received = 0
       Missed Packet Percentage = 0
    MAC statistics from interface Management0/0
       Interface function = Command-control interface
       Description =
       Media Type = TX
       Default Vlan = 0
       Link Status = Up
       Link Speed = Auto_1000
       Link Duplex = Auto_Full
       Total Packets Received = 0
       Total Bytes Received = 0
       Total Multicast Packets Received = 0
       Total Receive Errors = 0
       Total Receive FIFO Overruns = 0
       Total Packets Transmitted = 171
       Total Bytes Transmitted = 7182
       Total Transmit Errors = 0
       Total Transmit FIFO Overruns = 0
    MAC statistics from interface PortChannel0/0
       Interface function = Sensing interface
       Description = Backplane
       Media Type = backplane
       Default Vlan = 0
       InlineMode = Unpaired
       Pair Status = N/A
       Hardware Bypass Capable = No
       Hardware Bypass Paired = N/A
       Link Status = Up
       Admin Enabled Status = Enabled
       Link Speed = N/A
       Link Duplex = N/A
       Total Packets Received = 988315
       Total Bytes Received = 77088570
       Total Packets Transmitted = 988315
       Total Bytes Transmitted = 77088570
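    As an added example (not part of the post, and not a Cisco tool), here is a small Python parser for the `show interfaces` output quoted above. It splits the output into one record per interface and flags the pattern visible on Management0/0: link up, frames transmitted, nothing received. That combination usually points at the path beyond the sensor's port (the switchport, its VLAN, or the uplink) rather than at the sensor's own IP settings, which is a useful thing to confirm before touching the IPS configuration again. The sample is the quoted output trimmed to the relevant lines.

```python
import re

# Sample: the 'show interfaces' output quoted in the post, trimmed to the
# lines the checks below need.
SAMPLE_SHOW_INTERFACES = """\
Interface Statistics
   Total Packets Received = 0
   Total Bytes Received = 0
   Missed Packet Percentage = 0
MAC statistics from interface Management0/0
   Interface function = Command-control interface
   Description =
   Media Type = TX
   Link Status = Up
   Link Speed = Auto_1000
   Link Duplex = Auto_Full
   Total Packets Received = 0
   Total Bytes Received = 0
   Total Receive Errors = 0
   Total Packets Transmitted = 171
   Total Bytes Transmitted = 7182
   Total Transmit Errors = 0
MAC statistics from interface PortChannel0/0
   Interface function = Sensing interface
   Description = Backplane
   Media Type = backplane
   Link Status = Up
   Admin Enabled Status = Enabled
   Total Packets Received = 988315
   Total Bytes Received = 77088570
   Total Packets Transmitted = 988315
   Total Bytes Transmitted = 77088570
"""

HEADER_RE = re.compile(r"^MAC statistics from interface (\S+)\s*$")
# Indented 'Key = Value' lines; the value may be empty ('Description =').
KV_RE = re.compile(r"^\s+([^=]+?)\s*=\s*(.*?)\s*$")


def parse_show_interfaces(text):
    """Return {interface_name: {key: value}} for every 'MAC statistics' block.

    Integer-looking values are converted to int; everything else (link
    state, speed, an empty description) stays a string. Lines before the
    first block header (the global 'Interface Statistics' section) are
    ignored, since they are not tied to a single interface.
    """
    interfaces = {}
    current = None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = interfaces.setdefault(header.group(1), {})
            continue
        kv = KV_RE.match(line)
        if kv and current is not None:
            key, value = kv.groups()
            current[key] = int(value) if value.isdigit() else value
    return interfaces


def one_way_interfaces(interfaces):
    """Names of interfaces whose link is up and which have transmitted frames
    but received none. For a sensor's command-and-control port this is the
    'we talk, nobody answers' symptom: the sensor side is alive, so the next
    thing to verify is the switchport, its VLAN and the path to the manager."""
    flagged = []
    for name, stats in interfaces.items():
        if (stats.get("Link Status") == "Up"
                and stats.get("Total Packets Transmitted", 0) > 0
                and stats.get("Total Packets Received", 0) == 0):
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    parsed = parse_show_interfaces(SAMPLE_SHOW_INTERFACES)
    for name, stats in parsed.items():
        print(f"{name}: {stats['Interface function']}, link {stats['Link Status']}, "
              f"rx={stats['Total Packets Received']} tx={stats['Total Packets Transmitted']}")
    print("one-way interfaces:", one_way_interfaces(parsed))
```

    Run against the quoted output it reports Management0/0 only; the backplane PortChannel0/0 has matching receive and transmit counters and is left alone.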

  • Service Modules in 6500s, IPS/IDS and Stand-alone options.

    Hi,
    My first post here and it's a question regarding knowledge that I can't seem to find via CCW and through people I know.
    Does the Service Module in the 6500 i.e. WS-SVC-ASASM1B-K9 come with or support an IPS/IDS option?
    Does a stand-alone ASA5500 come with an installed IPS/IDS option.
    Thanks.

    > Does the Service Module in the 6500 i.e. WS-SVC-ASASM1B-K9 come with or support an IPS/IDS option?
    On the Cat6k5 there is the IDSM2. That's a completely outdated module with 500 Mbit/s of throughput. For datacenter designs Cisco recommends the standalone IPS 4500 instead of a module if you need good IPS throughput.
    > Does a stand-alone ASA5500 come with an installed IPS/IDS option.
    The ASA has a built-in IPS with a fixed signature set that is not that relevant. The better way of doing IPS on the ASA is to have an optional IPS module. These modules are dedicated hardware on the legacy ASAs (the ones without -X) and pure software modules on the new ASAs. The 5585 is an exception where IPS is also a dedicated hardware module.

  • Installation problem on windows server 2008 r2 datacenter edition 64bit

    hi
    Today I tried to install the current MaxDB 7.8 release on my virtual server with a Windows Server 2008 R2 Datacenter 64-bit edition OS. At the first installation I got an error message, something with "rte runtime error". At this point the installation stopped.
    Because of this error I tried to uninstall the failed installation. This was not possible: in the uninstaller I didn't see any components, so I couldn't uninstall.
    So I tried to delete the files manually: the entries in the start menu, and the application's path under "program files"... First I needed to kill a process named "serv.exe", which creates a TCP daemon on port 7200... After killing it, the deletion of the dir in program files was successful.
    This is very, very weird; now my server is "contaminated" with an incomplete uninstallation of MaxDB...
    Why does MaxDB 7.8 have problems on Windows Server 2008 R2 Datacenter 64-bit edition???
    Thanks for any feedback!
    Regards, Jan

    > no, because i canceled this virtual server - another method to solve this problem. (i have really no time for things like that..!)
    If you take the time to give exact error messages then someone will be certainly able to help
    > on windows server 2003, there are NO problems.
    Windows 2003 != Windows 2008 - they use a different kernel, a different security system (UAC) and other features that may prevent a successful installation in the first place.
    I installed a MaxDB 7.8 just today on Windows 2008 R2 and it worked fine.
    Markus

  • How to install IE8 on Windows Server 2008 R2 Datacenter?

    Hello.
    Can anybody tell me, how to install IE8 on 2008 R2 Datacenter?
    I've downloaded this http://www.microsoft.com/en-us/download/internet-explorer-8-details.aspx for "Windows Server 2008 64-bit and more..", removed IE11, IE10, IE9 from installed updates, and ran "dism /online /disable-feature /featurename:Internet-Explorer-Optional-amd64".
    And nothing helps. I get the message "Internet Explorer 8 is not supported on this operating system".

    You can't "install" IE8 on WS2008R2, nor on Windows 7, because those OSes shipped with IE8.
    IE is an OS component, and so when you "upgrade" or "downgrade" IE, you are affecting an OS component.
    What this means is that the "IE8" download you are trying to apply is actually IE8 for WinXP or maybe WinVista.
    You can usually "downgrade" Win7 back to IE8 by uninstalling the newer "upgrade" of IE; this causes the OS to automatically attempt to revert to the prior IE version.
    This reversion assumes/requires a healthy OS and component store (CBS), including all the pkgmgr files needed to revert the component.
    Sometimes, the component store is damaged, or is missing files.
    you may need to check the CBS logfiles, and may need to perform SFC /scannow
    You may need to use CheckSUR to repair system health.
    Don

  • How to allow access only from certain IPs?

    I have Portal Server 6.0 on Sun ONE Web Server and want to allow access to it only from certain IPs, i.e. if my IP differs from predefined, then access is denied (no page is opened).
    How can I implement this with minimal efforts?
    Thanks in advance!

    Where did you set the ACLs?
    When web clients connect directly to the portal/IDS this is pretty straightforward using httpacl files. When SRAP GWs are used for Internet portal access, the web or app server never sees the client IP, thus those ACLs don't get applied.
    Am I missing something (won't be the first time... or the last:-)
    Cheers,
    -psr

  • Can i upgrade my HP ENVY J001TX Laptop Screen to IPS Screen.

    Hi,
    I am currently using an HP Envy J001tx laptop. Everything is exceptional in it other than the laptop display. Is there any way I can upgrade my laptop screen to an IPS screen, or some other screen with good color calibration and better viewing angles?
    Note : My Display is FHD Brighview display (but viewing angles and color richness is very poor)

    Hello Vashif, welcome to the HP Forums.
    According to the Maintenance and Service Guide for your notebook, these are the screens available for your notebook:
    (2) 17.3-in, LED. HD, BrightView display panel (includes 2 rubber screw covers):
     17.3-in, AG, FHD, LED 720256-001
     17.3-in, BV, HD, LED 720257-001
    You can find this on page 28.
    I hope this answers your question. Thank you for posting on the HP Forums.
    I worked on behalf of HP.

  • CA web enrollment page is not shown in windows server 2008 R2 Datacenter edition

    Hi friends,
    On a Windows Server 2008 R2 Datacenter I have installed ADCS (including web enrollment), and everything is OK.
    But when I connect to the CA web enrollment page to request a certificate for my web server and select "advanced certificate request", the system doesn't show the page on which we register our name and specification and select which certificate template we want. Instead it shows the page 
    In Windows 2008 R2 Enterprise edition this problem doesn't exist. Also on a standalone CA web enrollment page this problem doesn't exist.
    Any help please.
    thanks in advance

    Forget about enrollment web pages. With Enterprise CAs you should consider using the Certificates MMC snap-in:
    http://technet.microsoft.com/en-us/library/cc754490.aspx
    Hi, thanks.
    I am familiar with the cert snap-in, but I wanted to know whether we can restore the previous web enrollment page, which gave us the ability to enroll.

  • Windows Media Player on Windows Server 2012 R2 Datacenter Edition

    I have a server with Windows Server 2012 R2 Datacenter edition installed. This server is being used as a terminal server and I needed to have Windows Media Player installed in order to use a certain feature of a program running on the terminal server. After
    researching online I found that all I should need to do is install the Desktop Experience feature and Windows Media Player was included in that. After installing the Desktop Experience feature and restarting the server, I was not able to find Windows
    Media Player anywhere. I tried the same process on another server running Windows Server 2012 R2 Datacenter with the same results.
    I was curious as to if this was a Datacenter thing where it was specifically not included with Datacenter edition. I was not able to find any documentation stating that WMP was not included in Datacenter, and everything that I found stated that the feature
    sets for Standard and Datacenter were the same, it was just the licensing for them was different.
    Curious to see if it would get installed with Desktop Experience on Standard, I spun up a Windows Server 2012 R2 Standard VM and installed Desktop Experience and sure enough WMP was installed as well. I then upgraded the Standard VM to Datacenter with a
    Datacenter product key and after a restart WMP was still present.
    I have also tried this exact same process with Windows Server 2012 (non R2) Datacenter edition and WMP was installed as expected, so it appears that this is only a problem with R2.
    My question is, is this "works as designed" and I was just not able to find the documentation to support it, or is this a bug?
    Update: After doing some more playing around I noticed that if I did a clean install of Windows Server 2012 R2 Datacenter and then installed the Desktop Experience feature and WMP does get installed. Then I remembered that on the servers that I was trying to
    install WMP on and it wasn't working were upgraded from 2012 to 2012 R2. So I created a brand new VM and installed Server 2012 Datacenter (non R2), then upgraded to Server 2012 R2 Datacenter and installed Desktop Experience and sure enough, WMP did not
    install. So now I really think it is a bug and it is related to the 2012 to 2012 R2 upgrade process.

    Hi Caleb CSG,
    Thanks for your feedback.
    I'll forward a report to Microsoft, and I also recommend that you post this bug on Microsoft Connect.
    https://connect.microsoft.com/WindowsServer/feedback/CreateFeedbackForm.aspx?FeedbackFormConfigurationID=5352&FeedbackType=1
    Best Regards,
    Anna

  • How to change the default service port number to be checked for the IPS sig

    Dear all,
    I have an AIP-SSM (IPS) installed in an ASA firewall.
    I have configured an access list in the firewall to forward the traffic coming from the Internet toward the internal server to be checked by the IPS module.
    But the case is that the services that have to be checked are not on the default service port numbers:
    HTTP port is 8081
    Oracle port is 2006
    and many other services.
    The question now is how to change the default service port number in the IPS so that the traffic is checked by the corresponding service signatures?
    Thanks

    You would set those as part of the signature variables.
    http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_signature_definitions.html#wp1040009

  • Routing issue- seeing same IPs for two hops

    Hello All,
    I'm seeing the same IP twice in the traceroute output. Is that due to a routing issue, where the next hop is the same device as for the first time?
    Log:
    6  10.30.102.26  61.060 ms 10.30.100.142  61.266 ms 10.30.102.26  61.071 ms
    7  10.30.102.26  61.139 ms  61.211 ms 10.61.191.2  60.948 ms
    Can you  guys help me to fix the issue??
    Regards,
    Thiyagu

    Are you load balancing anywhere?
    6 10.30.102.26  61.060 ms
       10.30.100.142  61.266 ms
       10.30.102.26  61.071 ms
    7 10.30.102.26  61.139 ms  61.211 ms
       10.61.191.2  60.948 ms
    HTH,
    John
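    An added example, not from the thread: a small Python parser for Unix-style traceroute output that separates the two things being discussed above. John's reading (several routers answering at the same TTL, the signature of load balancing somewhere upstream) is reported per hop; Thiyagu's observation (one address showing up on consecutive hops) is reported per address, with the caveat in the code that only the same single address answering every probe across many hops would point at a forwarding loop. Hops 6 and 7 of the sample are the lines quoted in the question; hop 8 is constructed so there is one hop the checks do not flag.

```python
import re

# Constructed sample: hops 6 and 7 are the lines quoted in the question,
# hop 8 is invented as a steady hop with a single responder.
SAMPLE_TRACEROUTE = """\
 6  10.30.102.26  61.060 ms 10.30.100.142  61.266 ms 10.30.102.26  61.071 ms
 7  10.30.102.26  61.139 ms  61.211 ms 10.61.191.2  60.948 ms
 8  10.61.191.2  62.010 ms  61.950 ms  62.100 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
# Either an IPv4 address, an RTT such as '61.060 ms', or a timed-out probe '*'.
TOKEN_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})|(\d+(?:\.\d+)?)\s*ms|(\*)")


def parse_traceroute(text):
    """Return {hop_number: [(responder_ip, rtt_ms), ...]}.

    Unix traceroute prints an address once and then applies it to every
    following RTT until the next address appears, so
    '10.30.102.26 61.139 ms 61.211 ms' is two probes answered by the same
    router. Timed-out probes ('*') are recorded as (None, None).
    """
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        probes = []
        current_ip = None
        for ip, rtt, star in TOKEN_RE.findall(m.group(2)):
            if ip:
                current_ip = ip
            elif rtt:
                probes.append((current_ip, float(rtt)))
            elif star:
                probes.append((None, None))
        hops[int(m.group(1))] = probes
    return hops


def multi_responder_hops(hops):
    """Hops answered by more than one address. Consistent with per-packet or
    per-flow load balancing (ECMP) on the previous hop, not with a loop."""
    result = {}
    for hop, probes in sorted(hops.items()):
        ips = sorted({ip for ip, _ in probes if ip})
        if len(ips) > 1:
            result[hop] = ips
    return result


def addresses_seen_at_multiple_hops(hops):
    """Addresses that answer at more than one TTL. Next to load-balanced hops
    this is expected, because the parallel paths differ in length; the same
    single address answering every probe at many consecutive TTLs would be
    the pattern to worry about."""
    seen = {}
    for hop, probes in hops.items():
        for ip, _ in probes:
            if ip:
                seen.setdefault(ip, set()).add(hop)
    return {ip: sorted(h) for ip, h in seen.items() if len(h) > 1}


if __name__ == "__main__":
    parsed = parse_traceroute(SAMPLE_TRACEROUTE)
    print("hops with several responders:", multi_responder_hops(parsed))
    print("addresses seen at several TTLs:", addresses_seen_at_multiple_hops(parsed))
```

    On the quoted output both hop 6 and hop 7 have two responders, and 10.30.102.26 appears at both TTLs, which is the load-balancing picture John asks about rather than a routing problem to fix.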

  • Decoding IPS logs

    Hi,
    Need guidance on decoding IPS syslogs (alerts). We monitor IPS logs, and there we see some encoded messages appearing in the cid.context.cid:fromTarget, cid.context.cid.fromAttacker and cid.triggerPacket fields. I would like to understand what these fields are, how to decode these messages (any tools/URL for decoding), why Cisco has made these contents appear encoded (any specific reason), and how this will help us in analyzing such alerts.
    Thanks!
    -Jag.

    Please use the guide below for the message fields:
    http://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/cli/cliguide7/cli_packets.html

  • DNS Issues - Can ping server name and IPs but not FQDNs.

    Hi All, 
    Hopefully someone can help me here. I am having an issue where one of my domain-attached servers cannot ping any FQDNs in the environment, but it can ping the host names and the IPs and look up the host names from a reverse lookup.
    We have done the following troubleshooting:
    Flushed and registered DNS cache.
    Restarted the DNS client and net logon services on the affected server
    Performed standard checks and commands such as:
    Checked the event logs and found there were warnings for DNS registration.
    Compared the DNS settings in the network adapters across the rest of the servers in the environment and found that they were all the same. DNS Suffixes are added in the correct order and are set to register.
    Pinging FQDNs which is not giving any results.
    Tracert FQDNs which is also not giving any results.
    Nslookup which is querying the DNS server directly and giving results as expected
    Ran the command which reported successful: dcdiag /test:registerindns /dnsdomain:sub.domain.net /v
    Checked and updated the permissions on DNS for the affected server to give the server full control of its own DNS entry. 
    Replaced the DNS Client service DLL with one from a server that is working as expected. 
    Also worth noting is that the affected server (as well as every other server in the environment) has 2 NICs, one that communicates with DNS and AD and the other does not have any DNS IPs set. 
    Note this is not the first time this has happened; a reboot fixed the issue before, but it seems to be a recurring problem now. 
    If any one can shed some light on this issue I would be grateful.
    Regards,
    Steve. 

    Hi Steve,
    First, we should confirm if this issue is caused by DNS.
    When you ping the FQDN, does the server show the correct corresponding IP address?
    If no, there should be some error messages. If it is possible, please post the screenshot of this issue.
    To check the process about how does server resolve the FQDN, please follow the steps below:
    clear local DNS cache with command ipconfig /flushdns
    perform the network capture
    ping the specified FQDN
    Check the DNS traffic
    To download Network Monitor, please click the link below:
    http://www.microsoft.com/en-hk/download/details.aspx?id=4865
    Besides, have you tried to update the NIC driver to the latest version?
    Best Regards.
    Steven Lee
