Number of Trusted Hosts Limit on Cisco IDM
Hello,
I got a common feature question.
Do you know what is the number of trusted hosts I can include under Cisco IDM monitoring? Is there any limit?
My versions of IPS are:
7.1(4)E4 @ Cisco 4345 and 4360
7.0(8)E4 @ Cisco 4240
Thank you.
Kamil
From CCO, found two different conflicting information though for same release 3.7.2. confusing..
http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.2/qos/command/reference/b_qos_cr42asr9k_chapter_011.html#wp966352593
"The maximum number of policy maps supported is 2000."
http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.0/qos/command/reference/qr40asr9k_chapter1.html#wp915159151
"The maximum number of policy maps supported is 1000."
Thanks for your reply!
Similar Messages
-
Supported number of Hypervisor hosts in SCVMM 2012 R2
Hi,
I would like know the number of hypervisor hosts (Hyper-V, VMWare, Citrix XEN) supported in single instance of SCVMM 2012 R2.
This would help me to design and size the SCVMM environment.
Any help would be highly appreciated!!!
Thanks
Kumaresan LakshmananThere's not a hard limit, but everythign depends on tha amount of resources you are managing (network, storage, hosts, vms etc).
These are guidelines of recommendation. If more resources managed, then you also need to scale according to that.
-kn
Kristian (Virtualization and some coffee: http://kristiannese.blogspot.com ) -
Ips 4510 error adding trusted host.
Hello.
I'm trying to get event logs from my ips 4510 into splunk.
When I add the host on which splunk is running as a "trusted host" I get the error:
Cannot add #.#.#.# as a trusted host. errTransport-socket connect failed [4,111]
There are no firewalls enabled on the splunk host.
On the splunk side, I've installed Cisco Security Suite and Cisco IPS applications.
The splunk logs show it's able to connect to the host, but then throws the following error:
URLError: <urlopen error Tunnel connection failed: 503 Service Unavailable>.
Not sure at this point if I need to configure something else before being able to add the splunk host as a trusted host?
Any info appreciated.
Thanks.Hi Jamoser,
Could you try to ping the IPS from client? If it works, can you check there is no device in traffic path blocking TCP 443 to IPS? Can you do a capture on IPS to see if request on TCP 443 is indeed reaching the IPS?
Sourav -
Product Name: SPA-2102
Software Version: 5.2.5
Can I write trusted host (remote admin server) on SPA2102?If you are just talking stand alone with the SPA2102, I think the only option is really via remote management. Unfortunately, this is not a trusted connection as what you wanted to be. As long as the other party knows the WAN IP address being received by the SPA-2102 and the port being used, the PC can access the unit unless you set up both the user and admin view for a password.
I suggest contacting Cisco Tech support to further look into your concern. I believe this unit belongs to the business series devices that Cisco is now supporting. Try to go to this link for the other business series devices and the site where you can get hold of Cisco for support:
http://www.cisco.com/web/products/linksys/index.html -
IDSMC 2.0 TLS trusted host
I just upgraded to IDSMC 2.0 today. When I try to do signatures updates to a 4.1 sensor, the job fails with this error below. I already added the VMS server as a trusted TLS host on the sensor. Rebooted.
Any ideas? Do I need to add the sensors cert to the VMS server somehow?
Status Messages
Sensor bbimainsae01: Signature Update Process
TLS Trusted Host Certificate difference found, updating sensor certificate for the MC.
The trusted certificates on the sensor 172.16.1.153 have been updated.
An error occurred while running the update script on the sensor named bbimainsae01. Detail = An error occurred at the sensor during the update, sensor message = The host is not trusted. Add the host to the system's trusted TLS certificates.We've seen a few of these cases, but have not been able to gather enough information to understand where the breakage is occurring.
The first thing to do is to log into the IDS unit as an administrative user (i.e., "cisco"). Make sure the time on the sensor is accurate. Then take a look at the list of trusted certificates. Next, remove the certificate for the VMS server and re-trust it manually. Finally, attempt the upgrade command manually from the IDS CLI.
Here are the commands to enter into the IDS CLI to perform these actions. The example uses "10.1.2.3" for the IP address of the VMS host, and "IDS-sig-4.1-4-S128.rpm.pkg" as the name of the package you want to apply to the sensor:
sensor# show clock
*03:27:22 UTC Wed Dec 01 2004
sensor# configure terminal
sensor(config)# service trustedCertificates
sensor(config-TrustedCertificates)# show settings
trustedCertificates (min: 0, max: 500, current: 0)
sensor(config-TrustedCertificates)# exit
sensor(config)# tls trusted-host ip-address 10.1.2.3 port 443
Certificate MD5 fingerprint is 0A:CB:6F:B5:F8:F8:85:05:5B:5D:7D:0B:73:E1:14:A6
Certificate SHA1 fingerprint is CF:9D:85:60:CA:31:99:26:64:26:39:23:AE:66:E8:3C:BC:68:12:02
Would you like to add this to the trusted certificate table for this host?[yes]:
Certificate ID: 10.1.2.3 succesfully added to the TLS trusted host table.
sensor(config)# upgrade https://10.1.2.3/ids-config/vms/sensorupdate/IDS-sig-4.1-4-S128.rpm.pkg
Warning: Executing this command will apply a signature update to the application partition.
Continue with upgrade? : yes
If the tls trusted-host command does not succeed, we will need to obtain a packet capture to diagnose why. I've provided instructions for doing this elsewhere in this forum. (Search for recent articles by me.)
If you can get the tls trusted-host command to succeed, but the upgrade command fails, then we need to see what might be wrong with the certificate on the VMS server.
If both commands succeed manually, you can re-import the sensor in VMS so it will detect it is running the new version. We will then need to wait until the next signature update to see what happens when you use VMS to upgrade the sensor. -
Certificate on IDSM Console expired. Created new certificate, then deleted and add IDS Sensor using discovery. Login to IDS sensor verified clock on matched IDSM Console, then removed trusted-host and re-add to generate new certificate. Cert on sensor doesn't match IDSM Console cert. Still getting TLS trusted host errors when trying to do signature updates. Am I missing a step? Any suggestions? Thanks,
If it is the IDSM-2 certificate that expired, then the steps are correct.
My assumption, however, is that the error you are receiving is not because the IDSM-2 certificate has expired, but instead it is the VMS certificate that has expired.
You would need to create a new certificate for the VMS itself. Then go to the sensor and remove the sensor's knowledge of the VMS old certificate and tell it to grab the new VMS certificate.
Here is how you tell the sensor to grab VMS's new certificate:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/cliguide/clitasks.htm#wp1036631
I am not sure what the steps are to create a new certificate on the VMS itself. -
He instance with number 4 on host could not be started within the specified timeout.
Hi,
We are upgrading our BW Java from 7.0 to 7.4 SPS 07 and are in now in Execution Phase.
Java system is not getting started.
An error has occurred during the execution of the Start Java step.
Could not start SAP instance with number 4. The instance with number 4 on host <hostname> could not be started within the specified timeout.
In error logs
Jul 8, 2014 11:31:16 AM [Error ]: Start of instances exceeded the timeout of 7200s.
Jul 8, 2014 11:31:16 AM [Warning]: The instance could not be started. Will retry after a pause of 15 seconds.
Jul 8, 2014 11:31:31 AM [Error ]: The following problem has occurred during step execution: com.sap.sdt.util.diag.DiagException: Could not start SAP instance with number 4.
The instance with number 4 on host <hostname> could not be started within the specified timeout.
Can you please help
Thanks & Regards
Amit ShedgeHi Amit,
Please check if the instance exists in the system instance list with number 4 and <hostname>.
sapcontrol -nr 04 -function GetSystemInstanceList
If so, add SAPLOCALHOST and SAPLOCALHOSTFULL parameters to the following Java and SCS instance parameter files.
Java instance parameter file: /SUM/sdt/<SID>/SYS/profile/<SID>_JC04_<hostname>
SCS instance parameter file: /SUM/sdt/<SID>/SYS/profile/<SID>_SCSXX_<hostname>
After adding the parameters, restart the sapstartsrv services for both of the above instances:
sapcontrol -nr 04 -function RestartService
sapcontrol -nr XX -function RestartService
Repeat the failed step.
BR,
Alper Somuncu -
I have purchased Adobe Acrobat XI Pro. I purchased it after the free test period had expired. In the drop down menue on the website XI Pro is not listed so I cannot enter the serial number [removed by host]. So I cannot use the program. John Steele. [personal information removed by host] Thank you
@Bill, I removed your post, since its subject now contained the serial number which I could not remove.
Bill’s original reply: I cannot edit your post. Please remove the S/N ASAP. You should never post S/Ns.
I will add to Bill’s reply and add that you should not post your phone numbers or other personal information on the internet. -
My Mac PRO (serial number <edited by host>) has installed OS X Lion 10.7.5. Can I update it to OS Mountain Lion to work Airplay with apple TV?
Welcome to Apple Support Communities
The serial number doesn't tell us anything. Open > About this Mac > More Info, and tell us the first two lines of the window, where you should see MacBook Pro and a line below, which indicates the model you have:
That's what I see on my Mac. AirPlay Mirroring requires an Early 2011 or newer MacBook Pro, so if you see Early 2011 MacBook Pro or newer in that line, you can use AirPlay Mirroring. Read > http://support.apple.com/kb/HT5404
If you want to upgrade, make a backup of your files and check that your applications are compatible > http://www.roaringapps.com Then, open the Mac App Store and purchase Mountain Lion. When the download finishes, the Mountain Lion installer will appear, so follow the steps. After upgrading, you will see the AirPlay icon on the menu bar.
If you don't want to upgrade, you can use an application like Beamer or AirParrot -
Import Network host objects to Cisco Security Manager
Is it possible to import complete lists of Network Hosts objects to Cisco Security Manager?
Exporting the hosts already defined in the ASAs is easy but how to import them in CSM??
ThanksNo hostnames discovered go the Policy Object Manager (nor to the Access rules), only group-names (there's a bug in ASAs related to single host names too). The way CSM handles single hosts is previously creating them, so when we later discover devices, the single hosts names set in the discovered device are not considered, only their IP addresses; then you can see that in the discovered access rules CSM shows the hostname as the previously defined ones in the Policy Object Manager. If you dont define those hostnames before the device discovery, you will only see IP addresses, no hostnames, no matter they are set in your firewalls.
Imagine discovering a couple FWSM modules with 500 access rules, and you only get to see the IP addresses of the 2,500 hosts on your network. And you have all those hosts already defined in your FWSM firewalls, when you log via ASDM you view your hard created rules with hostnames, and when you log to CSM you only view IP addresses. The clients get very disappointed with CSM after that, and discard it. The bigger the network, the faster they reject CSM.
The only way to add hosts in the Policy Object Manager is 1 by 1. But as this may have happened to more than one company and considering how easy it is to code a feature like that, I assume that it's possible to import a complete list of single hosts to CSM.
is that really possible? it should be.
thanks for the replies so far -
Trusted Host Check Failed for RFC SAPLSOVLROOM
Hi,
We are using SAP Enterprise Learning 7.5.
In RFC SAPLSOVLROOM, got a below error in response body.
Trusted host check : failed
The host that you are calling from is not configured as trusted. See
the configuration guide for information about how configure a host as
trusted.
Added hostname in the trusted hosts of the sap_servlet_config.xml.
Also followed Note 1471989 - SAP Enterprise Learning 7.5 - Trusted host check:failed
Still the trusted host check alone getting failed. Other Checks for the RFC is sucessful.
Regards,
Raja. GRaja, did you figure out what was going on here? We have similar situation. Hosta are listed in trusted hosts section, but we get error when doing connection check in sm59 if we use a https connection, but not if we use http connection. There are no ssl errors anywhere, but it fails the same as yours.
If you have any update. Please reply. -
In trusted hosts,when i am doing rlogin to another host gives error "connection time out" what could be problem.Give solution
Users attempting to use rlogin must be validated. Validation can be performed by the remote computer (the one you are logging into) or by the network environment. If the remote computer is to validate you, one of three conditions must exist.
1 First, the user account you are using must be located on the remote machine, and you must provide a correct password when prompted.
2 Second, the remote machine must have an /etc/hosts.equiv file set up.
3 Third, the remote machine must have an .rhosts file configured. -
How can I configure a WAP54G to act as a repeater for my wireless network hosted by a Cisco/Linksys WAP610AP
I am using ONLY 2.4GHz wireless band on the WAP610AP running Firmware Version 1.0.04
The signal from WAP610AP is weak in my home office and I would like to use the WAP54G as the repeater. Is this possible? If yes, please help!
TIAThis statement is according to the WAP’s user interface: When set to "AP Client" and "WirelessBridge" mode, this device will only communicate with another Linksys Access Point (WAP54G). When set to "Wireless Repeater" mode, this device will only communicate with another Linksys Access Point (WAP54G) and Linksys Wireless-G Router (WRT54G). In a nutshell, the WAP54G may have a big possibility that it will not work on that device.
-
My Site Trusted Host Location (still 2010)
Can My Site site collection still be the 2010 flavor using SharePoint 2013 My Site Host.
A group of My Sites does not want to be upgraded, and remain SharePoint 2010. Is it supported to setup a Trusted Host Location which points to the SharePoint 2010 Farm?
Is it supported for a SharePoint 2013 User Profile Service Application to use a SharePoint 2010 My Host Site Template? I would think many things would break?
So the comprise would be to keep some My Site Site Collections in a SharePoint 2010 Farm as a Trusted Location.
Any thoughts...
Thanks in advance.A SharePoint 2010 Farm can consume services from a SharePoint 2013 farm, but not the other way around. Normally any service farm is upgraded first. So no, to the best of my knowledge you can not use a SharePoint 2010 My Site Host as a Trusted
Host location in the 2013 farm.
Paul Stork SharePoint Server MVP
Principal Architect: Blue Chip Consulting Group
Blog: http://dontpapanic.com/blog
Twitter: Follow @pstork
Please remember to mark your question as "answered" if this solves your problem. -
When experimenting with different Exchange and HTTP server settings (for calendar subscription) I had to accept a certificate I don't want to trust forever.
Although I deleted the account under Mail, Contacts & Calendar settings, the iPhone still seems to trust the certificate: When I re-enter the account information, I am not asked if I want to trust, the connection is simply established.
Which options do I have to delete that host from the list of trusted hosts? Will resetting the network settings suffice? Or resetting all settings? Or do I have to backup / restore the iPhone completely?
Thanks for input on this!I've also ended up with this problem - there is a firewall in one location where I use connect my iPhonew over wifi which, before I had done the http based login, must have responded to the exchange connections SSL request instead of the gmail exchange server.
I don't really want to trust this server, and I've been searching for a way to revoke trusted hosts with no luck so far.
As a side note, this has caused my iPhone to think the firewall is a valid gmail exchange server, and after re-requesting the password a few times times will give up until the phone is restarted if I leave the wifi on and have to reject the prompt (in order to http login).
Would be great to hear if anybody knows how to achieve the revocation.
Thanks, Alex J Burke.
Maybe you are looking for
-
My iPhone 4s no longer displays photos or text in horizontal mode. Is there a reset option or a known way to have this functionality return?
-
Best screen resolution Macbook Pro 17"
Question: What is the best screen resolution Macbook Pro 17"
-
Hierarchy data(Profit center Hierarchy,Cost element)
Hi every one, How can i load the hierachy data from R3 to BW? Please search the forum Edited by: Pravender on Jul 13, 2010 6:56 PM
-
Calculating Key Figure on Fly in BPS Layout ??
Hello there, Here is my requirement. I need to create a BPS Layout (Read Only) which Displays, Sales Quantity, Cost of Sales and Unit Cost. I have Key Figures for Sales Quantity and Cost of Sales. I want to Calculate Unit Cost on BPS Layout. Unit Cos
-
Uh Oh, after Leopard and GB08, MP3 grew from 4.2 to 248 MB?
Just upgraded to leopard and GB 08 - For about a year, I routinely, though rather without actually knowing what I am doing, send my mp3 lectures (4.2 MB) through garageband, usually just one edit, cutting off the beginning if it is slow, and then to