No RDEP in IPS 7.0?

Similar Messages

• Cisco ips 4270 cpu 100% utilization...

  hi folks i have cisco ips 4270 version 7.0(2) E3 when i try to access it through IDM its show the cpu utilization of cpu1=100% and cpu4=100% but cpu1 and cpu2 are varying can any one please tell me what will be the solution of this problem...
  when i try to go to the configuration then its give me the attached error..........document attached please check....

  Hi,
  Having 100% on some of your CPU is normal on the IPS platform.
  The device is using it's idle cycles to prepare for the handling of the incoming packets and to reduce the delay it will introduce on their path so it is expected to get this even when under low load.
  If you want to have a better idea of the capacity % of your IPS you are currently using, you should have a look at the Inspection Load value. Looking at the data you provided, you are around 25% at the moment.
  For the rdep timeout message, it seems to be a software issue. Looking closer at the picture you attached, we also see "Analysis Engine Status: Not Responding".
  It is a bit difficult to troubleshoot those on CSC so I would advise you to open a TAC case if you want to know the exact root cause.
  What I would advise is to upgrade to the latest 7(0) code which is I believe 7.0(5a)E4 since the issue is most then likely fixed in this version.
  If you are looking for a quick fix, a reboot of the IPS should clear this but the problem will most then likely come back later.
  Regards,
  Nicolas

• IDS/IPS 4250, two sensors, connection status Paused

  Hi,
  I have VMS 2.3 and SecMon 2.2 and two IDSs in there. I have noticed that the connection status for the sensors have changed from "Connected TLS" to "Paused". I have gone through database truncation process and all file sizes are good butstill having issues.
  I deleted the sensors from the SecMon and added only one sensor, the connection status changed back to connected but it was set to paused in one hour time after adding the one sensor.
  I can login to the sensor, i can ping the VMS server from the IDS command prompt and the IDS from the VMS DOS prompt. I have done everything possible to change this condition but none has so far worked.
  any thoughts???
  Thx,
  Masood

  Connection states for RDEP devices are written into a table in the database by the receiver collector object. This means that if the receiver thread hangs or is not currently running, whatever state was last written to the table will be displayed.
  "Paused" means that the collector for this device is waiting for the system to clear a large backload of data that is waiting to be inserted into the database. This can occur if the rate of flow of events temporarily overwhelms the receiver and usually indicates that the database has grown too large (more than 2 million IDS or Syslog events) or the system is very busy (servicing event viewer, generating reports, pruning, etc.). It usually takes several minutes (fifteen or more) for the system to recover to the point where it can begin collecting events again.
  What sounds like happened here was that the sensors were offline, or at least were not getting events from the MC for a period. Then when you reconnected it the events began to be processed by the receiver process which in turn caused the 'paused' state. As I mentioned above, once it catches up with event processing you should be ok. Of course you'll want to ensure that you regularly prune your IDSMC/SecMon database to prevent this from happening again.
  You may also want to look at see how much you're logging. You may still need to tune your signatures down as well and you should not have every signature enabled.
  You should also look to upgrade your IDS/IPS software (you didn't mention what version you're on) to the latest service pack (4.1.5 for 4.x and 5.0.5 for 5.0.x)
  Thanks,
  Jeff

• Rdep Thread TImeout

  I am running with Sensor 4215 with IPS version 5.1 and IPS-K9-patch-5.1-1p1. I was able to use Web interface on TLS. Since last week I am unable to connect to the web interface. Everytime I try to connect to it it loads itself to 77% and give me an error "Error connecting to sensor. Failed to load sensor - Rdep Thread Timeout".
  My web interface start working if I disable TLS. Please let me know what should I do to make it work back again.
  Thank!

  You might try to restart the cids services using the service account. To restart, type the following command at the service account prompt(you must su to root first).
  /etc/init.d/cids restart
  If this doesn't resolve the issue, then type "reboot" at the prompt. If all else fails, cycle the power by pulling the plug.
  Hope this helps....

• How to allow access only from certain IPs?

  I have Portal Server 6.0 on Sun ONE Web Server and want to allow access to it only from certain IPs, i.e. if my IP differs from predefined, then access is denied (no page is opened).
  How can I implement this with minimal efforts?
  Thanks in advance!

  Where did you set the ACLs?
  When webclients connect direct to the portal/ids this is pretty straight forward using htttpacl files. When SRAP GW's are used for Internet portal access the web or app-server never sees the client IP thus those ACLs don't get applied.
  Am I missing something (won't be the first time... or the last:-)
  Cheers,
  -psr

• Can i upgrade my HP ENVY J001TX Laptop Screen to IPS Screen.

  Hi,
  I am currently using HP Envy J001tx Laptop. All are exceptional in this other than the laptop display.Is there any way i can upgrade my laptop screen to IPS Screen or some othe screen with good color calibration with better viewing angles???????
  Note : My Display is FHD Brighview display (but viewing angles and color richness is very poor)

  Hello Vashif, welcome to the HP Forums.
  According to the Maintenance and Service guide for your notebook, these are the screen's available for your notebook:
  (2) 17.3-in, LED. HD, BrightView display panel (includes 2 rubber screw covers):
   17.3-in, AG, FHD, LED 720256-001
   17.3-in, BV, HD, LED 720257-001
  You can find this on page 28.
  I hope this answers your question. Thank you for posting on the HP Forums.
  I worked on behalf of HP.

• How to change the default servcie port number to be checked for the IPS sig

  Dear
  i have an AIP-SSM (IPS) installed in a an ASA firewall.
  i have configured an access-list in the firewall to forward the traffic coming from the internet toward the internal server to be checked by the IPS module.
  but the case is that the services have to be checked is not the default services port numbers.
  http port is 8081
  oracle port is 2006
  and many other services.
  the question now, is how to change the default service number in the IPS in order to be checked by the corresponding service signatures?
  Thanks

  You would set those as part of the signature variables.
  http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_signature_definitions.html#wp1040009

• Routing issue- seeing same IPs for two hops

  Hello All,
  I'm seeing two same IPs in the traceroute output. Is that due to routing issue that nexhop is as the same device for the first time?
  Log:
  6  10.30.102.26  61.060 ms 10.30.100.142  61.266 ms 10.30.102.26  61.071 ms
  7  10.30.102.26  61.139 ms  61.211 ms 10.61.191.2  60.948 ms
  Can you  guys help me to fix the issue??
  Regards,
  Thiyagu

  Are you load balancing anywhere?
  6 10.30.102.26  61.060 ms
     10.30.100.142  61.266 ms
     10.30.102.26  61.071 ms
  7 10.30.102.26  61.139 ms  61.211 ms
     10.61.191.2  60.948 ms
  HTH,
  John
  *** Please rate all useful posts ***

• Decoding IPS logs

  Hi,
  Need guidance on decoding IPS syslogs(alerts). We monitor IPS logs and there we could see some decoded messages appearing for cid.context.cid:fromTarget, cid.context.cid.fromAttacket, cid.triggerPacket fields. Would like to understand what these fields are, how to decode these messages (any tools/url for decoding), why cisco has made these contents to appear decoded (any specific reason), how this will help us in analyzing such alerts.
  Thanks!
  -Jag.

  Please use the below guide for message fields
  http://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/cli/cliguide7/cli_packets.html

• DNS Issues - Can ping server name and IPs but not FQDNs.

  Hi All, 
  Hopefully some one can help me here, I am having an issue where one of my domain attached servers cannot ping any FQDNs in the environment but it can ping the host names and the IPs and look up the host names from a reverse look up. 
  We have done the following troubleshooting:
  Flushed and registered DNS cache.
  Restarted the DNS client and net logon services on the effected server
  Preformed standard checks and commands such as:
  Checked the event logs and found there were warnings for DNS registration.
  Compared the DNS settings in the network adapters across the rest of the servers in the environment and found that they were all the same. DNS Suffixes are added in the correct order and are set to register.
  Pinging FQDNs which is not giving any results.
  Tracert FQDNs which is also not giving any results.
  Nslookup which is querying the DNS server directly and giving results as expected
  Ran the command which reported successful: dcdiag /test:registerindns /dnsdomain:sub.domain.net /v
  Checked and updated the permissions on DNS for the affected server to give the server full control of its own DNS entry. 
  Replaced the DNS Client service DLL with one from a server that is working as expected. 
  Also worth noting is that the affected server (as well as every other server in the environment) has 2 NICs, one that communicates with DNS and AD and the other does not have any DNS IPs set. 
  Not this is not the first time this happened, a reboot fixed the issue before but it seems to be a reoccurring problem now. 
  If any one can shed some light on this issue I would be grateful.
  Regards,
  Steve. 

  Hi Steve,
  First, we should confirm if this issue is caused by DNS.
  When you ping the FQDN, does the server show the correct corresponding IP address?
  If no, there should be some error messages. If it is possible, please post the screenshot of this issue.
  To check the process about how does server resolve the FQDN, please follow the steps below:
  clear local DNS cache with command ipconfig /flushdns
  perform the network capture
  ping the specified FQDN
  Check the DNS traffic
  To download Network Monitor, please click the link below:
  http://www.microsoft.com/en-hk/download/details.aspx?id=4865
  Besides, have you tried to update the NIC driver to the latest version?
  Best Regards.
  Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• How to use two gtx transceivers in one quad for two aurora ips

  hera mgt bank is 113
  i am using two aurora ips 64b66b .for one ip GTX_X1Y0, another GTX_X1Y2.while simulating ,results are good.Coming to implementation its showing error in implementaion.that in MAP.
  Pack:2811 - Directed packing was unable to obey the user design constraints (LOC=GTXE2_COMMON_X1Y1) which requires the combination of the symbols listed below to be packed into a single GTXE2_COMMON component.
  The directed pack was not possible because: The target component type can only contain one fragment.
  The symbols involved are:
  GTXE2_COMMON symbol "Source2/Aurora_2/src_2_wrapper_i/Src_2_multi_gt_i/gtxe2_common_i" (Output Signal = NULL)
  GTXE2_COMMON symbol "Source1/Aurora_1/src_1_wrapper_i/Src_1_multi_gt_i/gtxe2_common_i" (Output Signal = NULL)
  What is the solution for it?
   find attachments.

  i got following error while implementing project in vivado.
  "[DRC 23-20] Rule violation (REQP-1739) GTx R/TXOUTCLK drives inappropriate load - GTXE2_CHANNEL cell design_1_i/aurora_64b66b_0/inst/design_1_aurora_64b66b_0_0_core_i/design_1_aurora_64b66b_0_0_wrapper_i/design_1_aurora_64b66b_0_0_multi_gt_i/design_1_aurora_64b66b_0_0_gtx_inst/gtxe2_i pin design_1_i/aurora_64b66b_0/inst/design_1_aurora_64b66b_0_0_core_i/design_1_aurora_64b66b_0_0_wrapper_i/design_1_aurora_64b66b_0_0_multi_gt_i/design_1_aurora_64b66b_0_0_gtx_inst/gtxe2_i/TXOUTCLK (net: design_1_i/aurora_64b66b_0/inst/design_1_aurora_64b66b_0_0_core_i/design_1_aurora_64b66b_0_0_wrapper_i/design_1_aurora_64b66b_0_0_multi_gt_i/design_1_aurora_64b66b_0_0_gtx_inst/tx_out_clk) should only drive BUFG, BUFH, BUFMR, MMCM or PLL loads, but drives one or more invalid loads such as FDRE cell CORE_STATUS_channel_up_master_reg. Please insert a BUFHCE (or a BUFMR, if the load is a BUFR) between the GT and its load(s).
  [DRC 23-20] Rule violation (REQP-1739) GTx R/TXOUTCLK drives inappropriate load - GTXE2_CHANNEL cell design_1_i/aurora_64b66b_1/inst/design_1_aurora_64b66b_1_0_wrapper_i/design_1_aurora_64b66b_1_0_multi_gt_i/design_1_aurora_64b66b_1_0_gtx_inst/gtxe2_i pin design_1_i/aurora_64b66b_1/inst/design_1_aurora_64b66b_1_0_wrapper_i/design_1_aurora_64b66b_1_0_multi_gt_i/design_1_aurora_64b66b_1_0_gtx_inst/gtxe2_i/TXOUTCLK (net: design_1_i/aurora_64b66b_1/inst/design_1_aurora_64b66b_1_0_wrapper_i/design_1_aurora_64b66b_1_0_multi_gt_i/design_1_aurora_64b66b_1_0_gtx_inst/tx_out_clk) should only drive BUFG, BUFH, BUFMR, MMCM or PLL loads, but drives one or more invalid loads such as FDRE cell CORE_STATUS_1_channel_up_slave_reg. Please insert a BUFHCE (or a BUFMR, if the load is a BUFR) between the GT and its load(s).
  [USF-XSim 62] 'compile' step failed with error(s) while executing 'F:/PERSONAL/XilinxVivado2014.2/shared_logic/shared_logic.sim/sim_1/behav/compile.bat' script. Please check that the file has the correct 'read/write/execute' permissions and the Tcl console output for any other possible errors or warnings.
  [Vivado_Tcl 4-23] Error(s) found during DRC. Placer not run."
  i am attaching topmodule file
  need solution
  thanks in advance
  razz

• How can I solve the problem of panic.ips in my iphone 5?

  Hi to all. I'm new on this kind of communities. I've updated my Iphone 5 to IOS 7.1.1, my problem is that since a did this updated mi iphone began to restart automatically no matter wich aplication im working.
  I've revised the use diagnostice and it shows a text about panic.ips.  Somebody can help me to know if this is a hardware problem or software problem and if it can be solve?
  Thank you.

  Hi Odragde,
  Thanks for visiting Apple Support Communities.
  If your iPhone is restarting unexpectedly after updating the iOS software, start with step 5 in this troubleshooting guide:
  iPhone: Hardware troubleshooting
  http://support.apple.com/kb/TS2802
  Will not turn on, will not turn on unless connected to power, or unexpected power off
  Verify that the Sleep/Wake button functions. If it does not function, inspect it for signs of damage. If the button is damaged or is not functioning when pressed, seek service.
  Check if a Liquid Contact Indicator (LCI) is activated or there are signs of corrosion. Learn about LCIs and corrosion.
  Connect the iPhone to the iPhone's USB power adapter and let it charge for at least ten minutes.
  After at least 30 minutes, if:
  The home screen appears: The iPhone should be working. Update to the latest version of iOS if necessary. Continue charging it until it is completely charged and you see this battery icon in the upper-right corner of the screen . Then unplug the phone from power. If it immediately turns off, seek service.
  The low-battery image appears, even after the phone has charged for at least 20 minutes: See "iPhone displays the low-battery image and is unresponsive" symptom in this article.
  Something other than the Home screen or Low Battery image appears, continue with this article for further troubleshooting steps.
  If the iPhone did not turn on, reset it while connected to the iPhone USB power adapter.
  If the display turns on, go to step 4.
  If the display remains black, go to next step.
  Connect the iPhone to a computer and open iTunes. If iTunes recognizes the iPhone and indicates that it is in recovery mode, attempt to restore the iPhone. If the iPhone doesn't appear in iTunes or if you have difficulties in restoring the iPhone, see this article for further assistance.
  If restoring the iPhone resolved the issue, go to step 4. If restoring the iPhone did not solve the issue, seek service.
  Best,
  Jeremy

• Solaris 11 IPS:  How do you post multiple versions of the same package?

  How do you post multiple versions of the same software package on a single IPS instance(port)? Oracle was able to do it here with versions 151 and 175 of S11:
  http://pkg.oracle.com/solaris/release/
  Unfortunately, based on my searches, no where in the documentation (http://www.oracle.com/technetwork/server-storage/solaris11/technologies/ips-323421.html) does it explain to the development community how this is done. The best I can do is create pkg repo instances on different ports to host each different software version.
  We are trying to deploy an IPS repository for our drivers and utilities that our customers can link to and pull updates from. We have been able to post a software package to the repository using the command:
  pkgsend publish -s http://localhost:1234 -d ./ Appv1.p5m
  This posts the package on the IPS repository instance at port 1234 on the server. However, we would like to post multiple versions of the package on the server at the same URL. Why the same URL? So that our customers and end-users need only point to a single URL to pull down our software rather than having to add a new URL to the publisher list each time we have an update. We want at least 5 of the previous software versions to be available on the server. Posting each version of the application or driver on a different IPS instance on a different port will require customers to add multiple URLs to their publisher list and they also will not be able to initiate remote scans for updates.
  Has anybody been able to do this? Is any documentation forthcoming?
  Edited by: user13489824 on Jun 25, 2012 10:17 AM

  dhduvall: Thanks for your response. Yes, one would think that as long as the version numbers are different, you should be able to accumulate multiple versions of a package in a repository. It looks like Oracle has done it in their S11 repository unfortunately, as far as I know, they have not shared the steps on how to do this. I would like to publish two versions of the same package. I.E. two different manifests with two different fmri.pkg version strings and two different binaries.
  If I publish one package after another like this:
  pkgsend publish -s http://localhost:1234 Appv1.p5m
  pkgsend publish -s http://localhost:1234 Appv2.p5m
  Then only the second package shows up in the repository, as if it over-wrote the first one.
  Running pkgsend with two manifest, like this:
  pkgsend publish -s http://localhost:1234 Appv1.p5m Appv2.p5m
  Will cause pkgsend to combine the packages and manifests as if they were a single package... not what I am trying to do.
  Both approaches are complete without errors but neither achieves what I am trying to do.
  alan.pae: Thank you. Unfortunately, the link didn't really help. I've read Oracle's white papers and IPS developer guide so I'm familiar with the topics covered.
  Lex: Yes, I know. I specified the versions in the pkg.fmri value string.

• How do I stop Firefox from redirecting me to another site based on my IPS address?

  I work in California. Our corporate offices are in Oklahoma and my desktop computer is set up with an IPS address in OK. When I try to go to the CA website for AAA, Firefox redirects me to the OK website for AAA. How do I stop from being redirected to OK sites when trying to open CA sites?

  hello eajames, sites can show you content and redirect you based on your IP address which will reveal your approximate location - there is not much a browser can do against this...
  http://www.yougetsignal.com/tools/network-location/

• How can I use Apple Caching Service on a Network with Multiple Public IPs?

  Hello!
  I help manage a network of ~4000 clients for a small liberal arts college in Michigan. I'm looking into the possibility of implimenting Apple Caching Server for our network.
  We have one 400mbit pipe out to the internet, and all of our clients are given public-facing IPs to the internet. A caching server would be great, especially on update days. All wireless clients are on the same subnet, which is where I'd like the server to be serving the cached copies.
  I have installed Mavericks on a fresh machine, downloaded OS X Server 3.0.3, and attempted to start the caching service. This is what I get.
  Unable to start service.
  Caching cannot be run on a public network. Consult documentation.
  How can I get this up and running?

  The way the Caching server works is that the server will be accessing the Internet and when doing so traffic will be coming from it via a particular public IP address. Usually this will not be the address of the server itelf but your router as for most networks NAT is used. In this by far more common scenario the client Macs (and likely iOS devices) will be going through the same router and hence show up via the same public IP address.
  If the client request is the same as the address registered via the Caching server then Apple redirect the request via the Caching server.
  The setup would look something like this -
             Internet
                  |
              Router (with NAT)
                  |
    (LAN)     +------Caching Server-----Client devices
  With this setup because everything is using the same public IP address Apple can reasonably assume everything is on the same network and trigger a redirection to your Caching server.
  If you try a setup like the following with the Caching server having its own public IP it will not work because the Caching server and client devices will have different public IP addresses
             Internet
                 |
             Router (no NAT)-------------------+
                 |                                      |
              Firewall (with NAT)       Caching Server
                 |                                      |
                 |                                      |
  (LAN)     +-----Client devices-----------+-----------
  Your configuration as described is more like the following
             Internet
                 |
             Router (no NAT)
                 |
  (LAN)     +------Caching Server-----Client devices
  With yours not having NAT each device has its own public IP address including the Caching server and Apple cannot redirect traffic as it thinks they are on different networks.