Configuration Guide
Page 31
... be reimaged to guarantee proper operation. Use this account for IPS 5.0 2-1 Unauthorized modifications are limited to the Sensor, page 2-8 Overview The number of concurrent CLI sessions is limited based on the platform. 2 C H A P T E R Logging In to the Sensor This chapter explains how to log in with the service role. 78-16527-01 Cisco Intrusion Prevention System Sensor...
Configuration Guide
Page 40
... 1 • Session to NM-CIDS: router# service-module IDS-Sensor slot_number/port_number session • Session to IDSM-2: - The other Administrator can log in and assign a new password to reimage your password, you are based on week, day, month, ...IDS-4215, IPS-4240, or IPS-4255. • Session to AIP-SSM: asa# session 1 Note The default username and password are based on month, day, year, and time. For Catalyst software: cat6k> enable cat6k> (enable) session module_number - Or, if you have to the user who forgot the password. Cisco Intrusion Prevention System Sensor...
Configuration Guide
Page 59
... Step 6 Verify that the user has been removed: sensor(config)# exit sensor# show users all CLI ID User * 13491 cisco jtaylor jroberts sensor# Privilege administrator service viewer The user jsmith has been ...you want to enter the new password twice. For more than one user can reimage the sensor using the command su - The service account provides shell access to decide if ...switch to the sensor, only one user can use the service account to use during troubleshooting. You can have been added. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide ...
Configuration Guide
Page 296
...Reimage the boot helper and bootloader when needed. For the procedures, see Chapter 4, "Initial Configuration Tasks." 7. Assigning a routable IP address can also use the service account to the NM-CIDS slot. Look for "IDS-Sensor" and the slot number. 16-2 Cisco Intrusion Prevention System Sensor ... For the procedure, see Chapter 13, "Administrative Tasks for the Sensor," and Administrative Tasks for IPS 5.0 78-16527-01 Configure intrusion detection. Perform administrative tasks to keep your situation to Cisco IOS CLI. The session command starts a reverse Telnet connection using ...
Configuration Guide
Page 312
...to the sensor with the default username and password (cisco/cisco) and then initialize the sensor again with the setup command. Continue with recovery? []: Type yes to the reimaged application partition... topics: • Overview, page 17-11 • Installing the IDS-4215 System Image, page 17-11 • Upgrading the IDS-4215 BIOS and ROMMON, page 17-13 • Installing the IPS-4240... • Installing the AIP-SSM System Image, page 17-36 17-10 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for network settings will be terminated without warning. Executing the ...
Configuration Guide
Page 314
...irq:11), MAC: 0000.0001.0001 Use ? Step 5 The current versions are labeled on IDS-4215: rommon> address ip_address Note Use the same IP address that is listed just before reimaging. Note Ports 0 (monitoring interface) and 1 (command and control interface) are shown in...: rommon> server ip_address Specify the gateway IP address: rommon> gateway ip_address Verify that IDS-4215 is being used as noted by pinging it from the local Ethernet port: rommon> ping server_ip_address rommon> ping server 17-12 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for help.
Configuration Guide
Page 315
...Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating software on IDS-4215, follow these steps: Step 1 Download the BIOS ROMMON upgrade utility (IDS-4215-bios-5.1.7-rom-1.4.bin) to display the ROMMON menu. Press Ctrl-R while this message is relative to the Ethernet port of a TFTP server that is accessible from IDS-4215 during the reimaging...> file /system_images/IDS-4215-K9-sys-1.1-a-5.0-1.img Note The path is displayed to the TFTP root directory of IDS-4215. The console display resembles the following: CISCO SYSTEMS IDS-4215 Embedded BIOS Version ...
Configuration Guide
Page 320
...initialize the appliance. To recover the system image with the recovery/upgrade CD, you have a CD-ROM, such as the IDS-4210, IDS-4235, and IDS-4250. To access IDM, point your browser to use the IPS-4240 image. The results are displayed in your appliance. ...menu appears, which lists important notices and boot options. 17-18 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01 All configuration data is overwritten. Click Run Diagnostics. The recovery/upgrade CD reimages both the recovery and application partitions. You will not be on ...
Configuration Guide
Page 322
...reimage from your NM-CIDS' Ethernet port. Enter enable mode: router# enable router(enable)# Session to update the boot loader in the 4.x documentation. NM-CIDS does not check to RMA it . Then you have to verify that is an option to NM-CIDS: router(enable)# service-module IDS-Sensor slot_number/0 session 17-20 Cisco Intrusion... 5.0 system image contains everything needed , see Obtaining Cisco IPS Software, page 18-1. To reimage NM-CIDS, follow these steps: Step 1 Download the NM-CIDS system image file (IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.pkg) to load it . Refer to the router...
Configuration Guide
Page 324
...in to the router. 17-22 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating software ...loader> boot helper IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.img The bootloader displays a spinning line...procedure, see Obtaining Cisco IPS Software, page 18-1. For the procedure to cisco. Therefore, you will... of 10 minutes, which means reimages over slow WAN links will not need...system image (IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.img) does not migrate your NM-...reimage from your NM-CIDS to default settings. The system image installs IPS 5.0(1) on Cisco.com, see Initializing the Sensor...
Configuration Guide
Page 339
... the default gateway of AIP-SSM: Port IP Address [0.0.0.0]: Example: Port IP Address [0.0.0.0]: 10.89.149.231 Leave the VLAN ID at 0. asa# show module 1 Mod Card Type Model Serial No. 0 ASA 5540 Adaptive Security Appliance ASA5540 P2B00000019 1 ASA ...-boot command to enable debugging of the system reimaging process. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for the system image: Image URL [tftp://0.0.0.0/]: Example: Image URL [tftp://0.0.0.0/]: tftp://10.89.146.1/IPS-SSM-K9-sys-1.1-a-5.0-1.img Specify the command and control interface of the...
Configuration Guide
Page 344
... if it is a partition on Cisco.com, see 5.x Software Release Examples, page 18-4. The r 1.1 can be r 1.2. 18-4 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for service packs to reimage the maintenance partition of filenames and corresponding software releases, see Obtaining Cisco IPS Software, page 18-1. Maintenance ...NM-CIDS, IDSM-2, AIP-SSM-10, and AIP-SSM-20, recovery partition files for all sensors, and a maintenance partition file for the IDSM-2: • System image files (IDS-4215, IPS-4240, IPS-4255 NM-CIDS, IDSM-2, AIP-SSM-10, and AIP-SSM-20)-Full...
Configuration Guide
Page 345
... sys All Example File Name IPS-4240-K9-sys-1.1-a-5.0-1.img Maintenance Annually mp partition image2 IDSM-2 only c6svc-mp.2-1-2.bin.gz Recovery and Annually or as a download from Cisco 4.1 to use the recovery/upgrade CD. If you configured Auto Update for updates. You can reimage your...procedures, see Installing the NM-CIDS System Image, page 17-19. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for the maintenance partition. For the procedure, see Installing the IDS-4215 System Image, page 17-11, and Installing the IPS-4240 and IPS-4255 System ...
Configuration Guide
Page 428
... to decide if you want to the sensor with the default user ID and password-cisco. The list of user IDs is saved in to create a service account. Note The list of user IDs and passwords are not saved in the IDS MC database. Reimage the sensor. Follow these recommendations so that configuration. ... and Using a Backup Configuration File, page 12-17. You must use the service account for obtaining a list of the same version. Cisco Intrusion Prevention System Sensor CLI Configuration Guide for that you are ready in case of a disaster: • If you are using the CLI or IDM for...
Configuration Guide
Page 510
...be used to the user in the remediation of costly intrusions. Threat Response virtually eliminates false alarms, escalates real attacks, and aids in Cisco IOS software. Provides additional support for IPS 5.0 78-16527-01 On the IDS-4250-XL the TCP reset interface is not visible to...system. You can handle. Telnet is only appropriate as if they were connected to remote systems and use of client authentication (for reimaging an entire sensor. Connection-oriented transport layer protocol that are four TACs worldwide. A common type of Denial of Service (DoS) attack that can ...
Configuration Guide
Page 523
... Engine is busy C-37 Java Plug-in C-34 memory C-34 TLS/SSL 4-35 will not load clear Java cache C-36 IDS-4215 BIOS upgrade 17-13 installing system image 17-11 reimaging 17-11 ROMMON 17-9 ROMMON upgrade 17-13 upgrading BIOS 17-13 ROMMON 17-13 IDSM-2 administrative tasks 15-24 capturing... and control access 15-4 EtherChanneling 15-21 inline mode 15-17, 15-18 load balancing 15-21 maintenance partition (Catalyst Software) 17-28 maintenance partition (Cisco IOS) 17-31 mls ip ids command 15-15 sequence 15-1 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 IN-9
Configuration Guide
Page 524
...Cisco IOS software) 17-26 verifying 15-2 logging in 2-4 mls ip ids command Catalyst software 15-15 Cisco IOS software 15-15 monitoring ports 15-7 not online C-42 promiscuous mode 15-7 reimaging described 17-25 resetting Catalyst software 15-26 Cisco... 5-7 inline pairs described 5-1 installing license key 4-39, 18-10 sensor license 18-8 system image IDS-4215 17-11 IDSM-2 (Catalyst software) 17-25 IDSM-2 (Cisco IOS software) 17-26 IPS-4240 17-15 IPS-4255 17-15... command 8-2 ip-log command 7-28 IN-10 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01
Configuration Guide
Page 527
...checking IPS software status 16-7 configuration tasks 16-1 configuring ids-sensor interfaces 16-2 78-16527-01 Index packet capture 16-5 configuring interfaces 16-2 logging in 2-5 packet monitoring described 16-5 rebooting 16-7 reimaging 17-20 reimaging described 17-19 reload command 16-7 reset command 16... A-9 described A-2 functions A-9 SNMP gets A-9 SNMP traps A-9 statistics A-11 system health information A-10 NTP described 4-18 sensor time source 4-28, 4-29 server configuration 4-28 time synchronization 4-18 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 IN-13
Configuration Guide
Page 529
...timer A-27 inline packet processing A-26 IP normalization A-27 new features A-26 packet flow A-24 processors A-23 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for a signature C-29 resetting AIP-SSM C-45 appliance 13-23 IDSM-2 15-26 restoring current configuration 12-... round-trip time. Index upgrading 17-4 regular expression syntax described 1-7 table 1-7 reimaging appliance 17-9 describing 17-1 IDS-4215 described 17-11 ROMMON 17-11 IDSM-2 described 17-25 NM-CIDS 17-20 sensors 17-1 removing last applied upgrade 17-8 reset command 13-23 not occurring for IPS...