Cisco Systems IPS4520K9 manual


A good user manual

The rules should oblige the seller to give the purchaser the operating instructions for the Cisco Systems IPS4520K9 along with the item. Missing instructions or false information given to the customer constitute grounds for a complaint of nonconformity of the goods with the contract. In accordance with the law, a customer can receive the instructions in non-paper form; lately, graphic and electronic manuals, as well as instructional videos, have been widely used. A necessary precondition for this is that the instructions are unambiguous and legible.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in the instructions for the Cisco Systems IPS4520K9 one can find a process description. The purpose of instructions is to teach and to ease the start-up and use of an item or the performance of certain activities. An instruction is a compilation of information about an item or a service; it is a clue.

Unfortunately, only a few customers devote time to reading the instructions for the Cisco Systems IPS4520K9. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us avoid most defects.

What should a perfect user manual contain?

First and foremost, a user manual for the Cisco Systems IPS4520K9 should contain:
- information concerning the technical data of the Cisco Systems IPS4520K9
- the name of the manufacturer and the year of construction of the Cisco Systems IPS4520K9 item
- rules of operation, control and maintenance of the Cisco Systems IPS4520K9 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from a lack of time and from certainty about the functionalities of purchased items. Unfortunately, networking and start-up of the Cisco Systems IPS4520K9 alone are not enough. The instructions contain a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), possible defects of the Cisco Systems IPS4520K9, and methods of problem resolution. Finally, when one still can't find the answer to his problems, he will be directed to the Cisco Systems service. Lately, animated manuals and instructional videos have become quite popular among customers. These kinds of user manuals are effective; they ensure that a customer will familiarize himself with the whole material and won't skip the complicated technical information about the Cisco Systems IPS4520K9.

Why should one read the manuals?

It is mostly in the manuals that we will find the details concerning the construction and capabilities of the Cisco Systems IPS4520K9 item and the use of its respective accessories, as well as information concerning all the functions and facilities.

After a successful purchase of an item, one should find a moment to get to know every part of the instructions. Currently the manuals are carefully prepared and translated, so that they can be fully understood by their users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 Text Part Number: OL-24002-01[...]

  • Page 2

    THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PROD[...]

  • Page 3

    iii Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 CONTENTS About This Guide xv Contents xv Audience xv Comply with Local and National Electrical Codes xvi Organization xvii Conventions xviii Related Documentation xviii Obtaining Documentation and Submitting a Service Requ[...]

  • Page 4

    Contents iv Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Connecting an Appliance to a Terminal Server 1-22 Time Sources and the Sensor 1-23 The Sensor and Time Sources 1-23 Synchronizing IPS Module System Clocks with the Parent Device System Clock 1-23 Verifying the Sensor[...]

  • Page 5

    Contents v Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Hardware Bypass 4-4 4GE Bypass Interface Card 4-5 Hardware Bypass Configuration Restrictions 4-5 Hardware Bypass and Link Changes and Drops 4-6 Front and Back Panel Features 4-7 Specifications 4-9 Accessories 4-[...]

  • Page 6

    Contents vi Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Removing and Replacing the Chassis Cover 5-39 Accessing the Diagnostic Panel 5-42 Installing and Removing Interface Cards 5-43 Installing and Removing the Power Supply 5-45 Installing and Removing Fans 5-50 Troubleshoot[...]

  • Page 7

    Contents vii Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Removing and Installing the Core IPS SSP 7-14 Removing and Installing the Power Supply Module 7-16 Removing and Installing the Fan Module 7-18 Installing the Slide Rail Kit Hardware 7-19 Installing and Removing the[...]

  • Page 8

    Contents viii Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Installing SFP/SFP+ Modules 9-11 Verifying the Status of the ASA 5585-X IPS SSP 9-12 Removing and Replacing the ASA 5585-X IPS SSP 9-13 APPENDIX A Logging In to the Sensor A-1 Contents A-1 Supported User Roles A-1 Logging[...]

  • Page 9

    Contents ix Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Understanding Licensing C-9 Service Programs for IPS Products C-9 Obtaining and Installing the License Key Using the IDM or the IME C-10 Obtaining and Installing the License Key Using the CLI C-11 Obtaining a Lice[...]

  • Page 10

    Contents x Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Understanding Preventive Maintenance E-2 Creating and Using a Backup Configuration File E-2 Backing Up and Restoring the Configuration File Using a Remote Server E-3 Creating the Service Account E-5 Disaster Recovery E[...]

  • Page 11

    Contents xi Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Physical Connectivity, SPAN, or VACL Port Issue E-29 Unable to See Alerts E-31 Sensor Not Seeing Packets E-32 Cleaning Up a Corrupted SensorApp Configuration E-34 Blocking E-35 Troubleshooting Blocking E-35 Ve[...]

  • Page 12

    Contents xii Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Failover Scenarios E-63 Health and Status Information E-64 The ASA 5500-X IPS SSP and the Normalizer Engine E-72 The ASA 5500-X IPS SSP and Memory Usage E-73 The ASA 5500-X IPS SSP and Jumbo Packet Frame Size E-73 The ASA 550[...]

  • Page 13

    Contents xiii Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 10/100BaseT and 10/100/1000BaseT Connectors F-1 Console Port (RJ-45) F-2 RJ-45 to DB-9 or DB-25 F-3 GLOSSARY INDEX[...]

  • Page 14

    Contents xiv Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01[...]

  • Page 15

    -xv Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 About This Guide Published: March 31, 2010 Revised: May 6, 2013, OL-24002-01 Contents This guide describes how to install appliances and modules that support Cisco IPS 7.1. It includes a glossary that contains expanded acronyms and p[...]

  • Page 16

    -xvi Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter Contents Comply with Local and National Electrical Codes Warning Installation of the equipment must comply with local and national electrical codes. Statement 1074 Waarschuwing Bij installatie van de apparatuur moet worden voldaa[...]

  • Page 17

    -xvii Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter Contents Organization This guide includes the following sections: Section Title Description 1 “Introducing the Sensor” Describes IPS appliances and modules. 2 “Preparing the Appliance for Installation” Describe[...]

  • Page 18

    -xviii Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter Contents Conventions This document uses the following conventions: Note Means reader take note. Tip Means the following information will help you solve a problem. Caution Means reader be careful. In this situatio[...]

  • Page 19

    -xix Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter Contents For a complete list of the Cisco ASA 5500 series documentation and where to find it, refer to the following URL: http://www.cisco.com/en/US/docs/security/asa/roadmap/asaroadmap.html Obtaining Documentation and [...]

  • Page 20

    -xx Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter Contents[...]

  • Page 21

    CHAPTER 1-1 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 1 Introducing the Sensor Contents This chapter introduces the sensor and provides information you should know before you install the sensor. In this guide, the term sensor refers to all models unless noted otherwise. F[...]

  • Page 22

    1-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions Figure 1-1 Comprehensive Deployment Solutions The command and control interface is always Ethernet. This interface has an assigned IP address, which allows it to communi[...]

  • Page 23

    1-3 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions • Generate IP session logs, session replay, and trigger packets display. IP session logs are used to gather information about unauthorized use. IP log files are wri [...]

  • Page 24

    1-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions • Filter out known false positives caused by specialized software, such as vulnerability scanner and load balancers by one of the following methods: – You can configure [...]

  • Page 25

    1-5 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions There are three interface roles: • Command and control • Sensing • Alternate TCP reset There are restrictions on which roles you can assign to specific interface [...]

  • Page 26

    1-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions Sensing Interfaces Sensing interfaces are used by the sensor to analyze traffic for security violations. A sensor has one or more sensing interfaces depending on the sensor. S[...]

  • Page 27

    1-7 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions ASA 5500 AIP SSM-40 — GigabitEthernet 0/1 by security context instead of VLAN pair or inline interface pair GigabitEthernet 0/1 by security context instead of VLAN pair or[...]

  • Page 28

    1-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions IPS 4255 — GigabitEthernet 0/0 GigabitEthernet 0/1 GigabitEthernet 0/2 GigabitEthernet 0/3 0/0<->0/1 0/0<->0/2 0/0<->0/3 0/1<->0/2 0/1<->0/3 0/2<->[...]

  • Page 29

    1-9 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions IPS 4270-20 2SX Slot 1 Slot 2 GigabitEthernet 3/0 GigabitEthernet 3/1 GigabitEthernet 4/0 GigabitEthernet 4/1 All sensing ports can be paired together Management 0/0 Manageme[...]

  • Page 30

    1-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions Note The IPS 4260 supports a mixture of 4GE-BP, 2SX, and 10GE cards. The IPS 4270-20 supports a mixture of 4GE-BP, 2SX, and 10GE cards up to a total of either six cards, or six[...]

  • Page 31

    1-11 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions TCP Reset Interfaces This section explains the TCP reset interfaces and when to use them. It contains the following topics: • Understanding Alternate TCP Reset Interfa[...]

  • Page 32

    1-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions Designating the Alternate TCP Reset Interface Note There is only one sensing interface on the ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 5585-X IPS SSP), so [...]

  • Page 33

    1-13 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions – For Gigabit copper interfaces (1000-TX on the IPS 4240, IPS 4255, IPS 4260, IPS 4270-20, IPS 4345, IPS 4360, IPS 4510, and IPS 4520), valid speed settings are 10 Mbps, [...]

  • Page 34

    1-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions – The command and control interface cannot serve as the alternate TCP reset interface for a sensing interface. – A sensing interface cannot serve as its own alternate TC[...]

  • Page 35

    1-15 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions • VLAN Group Mode, page 1-18 • Deploying VLAN Groups, page 1-18 Promiscuous Mode In promiscuous mode, packets do not flow through the sensor. The sensor analyzes [...]

  • Page 36

    1-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions The following configuration uses one SPAN session to send all of the traffic on any of the specified VLANs to all of the specified ports. Each port configuration only allows a [...]

  • Page 37

    1-17 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions Figure 1-3 illustrates inline interface pair mode: Figure 1-3 Inline Interface Pair Mode Inline VLAN Pair Mode Note The ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS [...]

  • Page 38

    1-18 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor How the Sensor Functions VLAN Group Mode Note The ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 5585-X IPS SSP) do not support VLAN groups mode. You can divide each physical interface o[...]

  • Page 39

    1-19 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor Supported Sensors You can also connect appliances between two switches. There are two variations. In the first variation, the two ports are configured as access ports, so they carry a sin[...]

  • Page 40

    1-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor IPS Appliances For More Information For instructions on how to obtain the most recent Cisco IPS software, see Obtaining Cisco IPS Software, page C-1. IPS Appliances This section describes the Cisco applian [...]

  • Page 41

    1-21 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor IPS Appliances Introducing the IPS Appliance Note The currently supported Cisco IPS appliances are the IPS 4240, IPS 4255, and IPS 4260 [IPS 7.0(x) and later and IPS 7.1(5) and later], IPS 4270[...]

  • Page 42

    1-22 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor IPS Appliances Appliance Restrictions The following restrictions apply to using and operating the appliance: • The appliance is not a general purpose workstation. • Cisco Systems prohibits using t[...]

  • Page 43

    1-23 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor Time Sources and the Sensor Time Sources and the Sensor This section explains the importance of having a reliable time source for the sensors and how to correct the time if there is an error. It [...]

  • Page 44

    1-24 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor Time Sources and the Sensor Verifying the Sensor is Synchronized with the NTP Server In the Cisco IPS, you cannot apply an incorrect NTP configuration, such as an invalid NTP key value or ID, to the sens[...]

  • Page 45

    1-25 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor Time Sources and the Sensor To ensure the integrity of the time stamp on the event records, you must clear the event archive of the older events by using the clear events command. Note You c[...]

  • Page 46

    1-26 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 1 Introducing the Sensor Time Sources and the Sensor[...]

  • Page 47

    CHAPTER 2-1 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 2 Preparing the Appliance for Installation This chapter describes the steps to follow before installing new hardware or performing hardware upgrades, and includes the following sections: • Installation Pre[...]

  • Page 48

    2-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 2 Preparing the Appliance for Installation Safety Recommendations For More Information • For ESD guidelines, see Electricity Safety Guidelines, page 2-2. • For the procedure for working in an ESD environment, see Working in a[...]

  • Page 49

    2-3 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 2 Preparing the Appliance for Installation Safety Recommendations Follow these guidelines when working on equipment powered by electricity: • Before beginning procedures that require access to the interior of the ch[...]

  • Page 50

    2-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 2 Preparing the Appliance for Installation Safety Recommendations Working in an ESD Environment Work on ESD-sensitive parts only at an approved static-safe station on a grounded static dissipative work surface, for example, a[...]

  • Page 51

    2-5 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 2 Preparing the Appliance for Installation General Site Requirements General Site Requirements This section describes the requirements your site must meet for safe installation and operation of your IPS appliance. This s[...]

  • Page 52

    2-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 2 Preparing the Appliance for Installation General Site Requirements Power Supply Considerations The IPS 4270-20 has an AC power supply. The IPS 4345, IPS 4360, IPS 4510, and IPS 4520 have either an AC or DC power supply. Follo [...]

  • Page 53

    CHAPTER 3-1 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 3 Installing the IPS 4240 and IPS 4255 Contents This chapter describes the IPS 4240 and IPS 4255, and contains the following sections: • Installation Notes and Caveats, page 3-1 • Product Overview, page 3-2 • F[...]

  • Page 54

    3-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Product Overview Note The illustrations in this chapter show the Cisco IPS 4240 appliance sensor. The IPS 4240 and the IPS 4255 look identical with the same front and back panel fe[...]

  • Page 55

    3-3 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Front and Back Panel Features Front and Back Panel Features Note Although the graphics shows the IPS 4240, the IPS 4255 has the same front and back panel features and indicators. This[...]

  • Page 56

    3-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Specifications Figure 3-3 shows the four built-in Ethernet ports, which have two indicators per port. Figure 3-3 Ethernet Port Indicators Table 3-2 lists the back panel indicators. Speci[...]

  • Page 57

    3-5 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Connecting the IPS 4240 to a Cisco 7200 Series Router Connecting the IPS 4240 to a Cisco 7200 Series Router When an IPS 4240 is connected directly to a 7200 series router and both the I[...]

  • Page 58

    3-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Rack Mounting The IPS 4240 and IPS 4255 accessories kit contains the following: • DB25 connector • DB9 connector • Rack mounting kit—screws, washers, and metal bracket • RJ45 consol[...]

  • Page 59

    3-7 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Installing the IPS 4240 and IPS 4255 Step 2 Use the supplied screws to attach the appliance to the equipment rack. Step 3 To remove the appliance from the rack, remove the screws th[...]

  • Page 60

    3-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Installing the IPS 4240 and IPS 4255 To install the IPS 4240 and IPS 4255 on the network, follow these steps: Step 1 Position the appliance on the network. Step 2 Attach the grounding lug to the[...]

  • Page 61

    3-9 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Installing the IPS 4240 and IPS 4255 Step 6 Connect the RJ-45 connector to the console port and connect the other end to the DB-9 or DB-25 connector on your computer. Step 7 Attach the n[...]

  • Page 62

    3-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Installing the IPS 4240-DC For More Information • For more information on working with electrical power and in an ESD environment, see Safety Recommendations, page 2-2. • For the pro[...]

  • Page 63

    3-11 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Installing the IPS 4240-DC To install the IPS 4240-DC, follow these steps: Step 1 Position the IPS 4240-DC on the network. Step 2 Attach the grounding lug to the side of the appliance. No[...]

  • Page 64

    3-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Installing the IPS 4240-DC Step 9 Insert the ground wire into the connector for the earth ground and tighten the screw on the connector. Using the same method as for the ground wire, conn[...]

  • Page 65

    3-13 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Installing the IPS 4240-DC For More Information • DC power guidelines are listed in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series [...]

  • Page 66

    3-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Installing the IPS 4240-DC[...]

  • Page 67

    CHAPTER 4-1 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 4 Installing the IPS 4260 Contents This chapter describes IPS 4260, and contains the following sections: • Installation Notes and Caveats, page 4-1 • Product Overview, page 4-2 • Supported Interface Cards, page 4-[...]

  • Page 68

    4-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Product Overview Note In IPS 7.1, rx/tx flow control is disabled on the IPS 4260. This is a change from IPS 7.0 where rx/tx flow control is enabled by default. Caution The BIOS on IPS 4260 is specific to IP[...]

  • Page 69

    4-3 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Supported Interface Cards • For more information on installing and removing the power supply, see Installing and Removing the Power Supply, page 4-23. Supported Interface Cards The IPS 4260 su[...]

  • Page 70

    4-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Hardware Bypass Figure 4-2 shows the 2SX interface card. Figure 4-2 2SX Interface Card 10GE Interface Card The 10GE interface card (part numbers IPS-2X10GE-SR-INT and IPS-2X10GE-SR-INT=) provides [...]

  • Page 71

    4-5 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Hardware Bypass 4GE Bypass Interface Card The IPS 4260 supports the 4-port GigabitEthernet card (part number IPS-4GE-BP-INT=) with hardware bypass. This 4GE bypass interface card supports hard[...]

  • Page 72

    4-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Hardware Bypass The following configuration restrictions apply to hardware bypass: • The 4-port bypass card is only supported on the IPS 4260. • Fail-open hardware bypass only works on inline interfaces[...]

  • Page 73

    4-7 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Front and Back Panel Features Front and Back Panel Features This section describes the IPS 4260 front and back panel features and indicators. Figure 4-4 shows the front view of IPS 4260. Figure 4-4[...]

  • Page 74

    4-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Front and Back Panel Features Figure 4-5 shows the back view of the IPS 4260. Figure 4-5 IPS 4260 Back Panel Features Figure 4-6 shows the two built-in Ethernet ports, which have two indicators per por[...]

  • Page 75

    4-9 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Specifications Table 4-3 lists the power supply indicator. Specifications Table 4-4 lists the specifications for the IPS 4260. Table 4-3 Power Supply Indicators Color Description Off No [...]

  • Page 76

    4-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Accessories Accessories Warning IMPORTANT SAFETY INSTRUCTIONS This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the[...]

  • Page 77

    4-11 Chapter 4 Installing the IPS 4260 Rack Mounting Installing the IPS 4260 in a 4-Post Rack To rack mount the IPS 4260 in a 4-post rack, follow these steps: Step 1 Attach each inner rail to each side of the chassis with three 8-32x1/[...]

  • Page 78

    4-12 Chapter 4 Installing the IPS 4260 Rack Mounting Step 2 Attach the front-tab mounting bracket to the chassis with two 8-32x1/4’ SEMS screws. You can flip the bracket to push the system forward in the rack. Step 3 Using the four inner studs, in[...]

  • Page 79

    4-13 Chapter 4 Installing the IPS 4260 Rack Mounting Step 4 Install the two outer rail subassemblies in the rack using eight 10-32x1/2” SEMS screws. You can use four bar nuts if necessary. Adjust the mounting brackets based on rack dep[...]

  • Page 80

    4-14 Chapter 4 Installing the IPS 4260 Rack Mounting Installing the IPS 4260 in a 2-Post Rack To rack mount the IPS 4260 in a 2-post rack, follow these steps: Step 1 Attach the inner rail to each side of the chassis with three 8-32x1/4” SEMS[...]

  • Page 81

    4-15 Chapter 4 Installing the IPS 4260 Rack Mounting Step 3 Install the two outer rail subassemblies in the rack using twelve 10-32x1/2” SEMS screws or whatever rack hardware is necessary. Adjust the mounting brackets based on the[...]

  • Page 82

    4-16 Chapter 4 Installing the IPS 4260 Installing the IPS 4260 Step 5 Install four 8-32x7/16” SEMS screws through the clearance slots in the side of each outer rail assembly into the inner rail. Installing the IPS 4260 Warning Only trained and [...]

  • Page 83

    4-17 Chapter 4 Installing the IPS 4260 Installing the IPS 4260 To install the IPS 4260 on the network, follow these steps: Step 1 Position the IPS 4260 on the network. Step 2 Attach the grounding lugs to the back of the IPS 4260. Note Us[...]

  • Page 84

    4-18 Chapter 4 Installing the IPS 4260 Installing the IPS 4260 Step 6 Connect the RJ-45 connector to the console port and connect the other end to the DB-9 or DB-25 connector on your computer. Step 7 Attach the network cables. The IPS 4260 h[...]

  • Page 85

    4-19 Chapter 4 Installing the IPS 4260 Removing and Replacing the Chassis Cover Step 9 Initialize the IPS 4260. Step 10 Upgrade the IPS 4260 with the most recent Cisco IPS software. You are now ready to configure intrusion prevention[...]

  • Page 86

    4-20 Chapter 4 Installing the IPS 4260 Removing and Replacing the Chassis Cover Caution Follow proper safety procedures when removing and replacing the chassis cover by reading the safety warnings in Regulatory Compliance and Safety Informatio[...]

  • Page 87

    4-21 Chapter 4 Installing the IPS 4260 Installing and Removing Interface Cards Step 11 Power on the IPS 4260. For More Information • For the IDM procedure for resetting the IPS 4260, refer to Rebooting the Sensor; for the IME proc[...]

  • Page 88

    4-22 Chapter 4 Installing the IPS 4260 Installing and Removing Interface Cards Step 8 Remove the card carrier by pulling up on the two blue release tabs. Use equal pressure and lift the card carrier out of the chassis. Step 9 With[...]

  • Page 89

    4-23 Chapter 4 Installing the IPS 4260 Installing and Removing the Power Supply For More Information • For the procedure for attaching power cords and cables to the IPS 4260, see Installing the IPS 4260, page 4-16. • For an illust[...]

  • Page 90

    4-24 Chapter 4 Installing the IPS 4260 Installing and Removing the Power Supply Step 5 Squeeze the tabs to remove the filler plate. Step 6 Install the power supply. Step 7 To remove the power supply, push down the green tab and pull out the po[...]

  • Page 91

    4-25 Chapter 4 Installing the IPS 4260 Installing and Removing the Power Supply For More Information For the IDM procedure for resetting the IPS 4260, refer to Rebooting the Sensor; for the IME procedure, refer to Rebooting the Sensor.[...]

  • Page 92

    4-26 Chapter 4 Installing the IPS 4260 Installing and Removing the Power Supply[...]

  • Page 93

    5-1 CHAPTER 5 Installing the IPS 4270-20 Contents This chapter describes the IPS 4270-20, and includes the following sections: • Installation Notes and Caveats, page 5-1 • Product Overview, page 5-2 • Supported Interface[...]

  • Page 94

    5-2 Chapter 5 Installing the IPS 4270-20 Product Overview Warning This product relies on the building’s installation for short-circuit (overcurrent) protection. Ensure that the protective device is rated not greater than 120 VAC, 20 A U.S. ([...]

  • Page 95

    5-3 Chapter 5 Installing the IPS 4270-20 Product Overview Media-rich environments are characterized by content, such as that seen on popular websites with video and file transfer. Transactional environments are characterized [...]

  • Page 96

    5-4 Chapter 5 Installing the IPS 4270-20 Supported Interface Cards • For more information on the 4GE bypass interface card, see Hardware Bypass, page 5-5. • For more information about the power supplies, see Installing and Removing the Po[...]

  • Page 97

    5-5 Chapter 5 Installing the IPS 4270-20 Hardware Bypass Figure 5-3 shows the 2SX interface card. Figure 5-3 2SX Interface Card 10GE Interface Card The 10GE interface card (part numbers IPS-2X10GE-SR-INT and IPS-2X10GE-SR-INT=) [...]

  • Page 98

    5-6 Chapter 5 Installing the IPS 4270-20 Hardware Bypass 4GE Bypass Interface Card The IPS 4270-20 supports the 4-port GigabitEthernet card (part number IPS-4GE-BP-INT=) with hardware bypass. This 4GE bypass interface card supports hardw[...]

  • Page 99

    5-7 Chapter 5 Installing the IPS 4270-20 Hardware Bypass The following configuration restrictions apply to hardware bypass: • The 4-port bypass card is only supported on the IPS 4270-20. • Fail-open hardware bypass only works on inl[...]

  • Page 100

    5-8 Chapter 5 Installing the IPS 4270-20 Front and Back Panel Features Front and Back Panel Features This section describes the IPS 4270-20 front and back panel features, indicators, and internal components. Figure 5-5 shows the front view o[...]

  • Page 101

    5-9 Chapter 5 Installing the IPS 4270-20 Front and Back Panel Features Table 5-1 describes the front panel switches and indicators on the IPS 4270-20. Table 5-1 Front Panel Switches and Indicators Indicator Description UID switc[...]

  • Page 102

    5-10 Chapter 5 Installing the IPS 4270-20 Front and Back Panel Features Figure 5-7 shows the back view of the IPS 4270-20. Figure 5-7 IPS 4270-20 Back Panel Features PCI-E x4 PCI-E x8 PCI-E x4 PCI-E x8 PCI-E x4 PCI-X 100[...]

  • Page 103

    5-11 Chapter 5 Installing the IPS 4270-20 Front and Back Panel Features Figure 5-8 shows the built-in Ethernet port, which has two indicators per port, and the power supply indicators. Figure 5-8 Ethernet Port Indicators Table 5-[...]

  • Page 104

    5-12 Chapter 5 Installing the IPS 4270-20 Front and Back Panel Features Off Flashing • AC power present • Standby mode Off On Normal Table 5-3 Power Supply Indicators (continued) Fail Indicator 1 Amber Power Indicator 2 Green Desc[...]

  • Page 105

    5-13 Chapter 5 Installing the IPS 4270-20 Front and Back Panel Features Figure 5-9 shows the internal components. Figure 5-9 IPS 4270-20 Internal Components Cooling fans Sensing interface expansion slots Power supply Powe[...]

  • Page 106

    5-14 Chapter 5 Installing the IPS 4270-20 Diagnostic Panel Diagnostic Panel The front panel health indicators only indicate the current hardware status. The Diagnostic Panel indicators identify components experiencing an error, event, [...]

  • Page 107

    5-15 Chapter 5 Installing the IPS 4270-20 Specifications For More Information • For the location of the Diagnostic Panel in the IPS 4270-20 chassis, see Figure 5-9 on page 5-13. • For information on how to access the Diagnostic P[...]

  • Page 108

    5-16 Chapter 5 Installing the IPS 4270-20 Accessories Accessories The IPS 4270-20 accessories kit contains the following: • DB-9 connector • DB-9/RJ-45 console cable • Two Ethernet RJ-45 cables • Regulatory Compliance and Safety In[...]

  • Page 109

    5-17 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit No tools are required for the round- and square-hole racks. You may need screws that fit the threaded-hole rack and a driver for those screws. You need a st[...]

  • Page 110

    5-18 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Installing the IPS 4270-20 in the Rack Warning This procedure requires two or more people to position the IPS 4270-20 on the slide assemblies before pushing it into the rack[...]

  • Page 111

    5-19 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Step 3 To remove the chassis side rail, lift the latch, and slide the rail forward.[...]

  • Page 112

    5-20 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Step 4 If you are installing the IPS 4270-20 in a shallow rack, one that is less than 28.5 in. (72.39 cm), remove the screw from the inside of the slide assembly bef[...]

  • Page 113

    5-21 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Step 5 Attach the slide assemblies to the rack. For round- and square-hole racks: a. Line up the studs on the slide assembly with the holes on the inside of the ra[...]

  • Page 114

    5-22 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit For threaded-hole racks: a. Remove the eight round- or square-hole studs on each slide assembly using a standard screwdriver. Note You may need a pair of pliers to [...]

  • Page 115

    5-23 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit b. Line up the bracket on the slide assembly with the rack holes, install two screws (top and bottom) on each end of the slide assembly. c. Repeat for each slide a[...]

  • Page 116

    5-24 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Step 6 Extend the slide assemblies out of the rack.[...]

  • Page 117

    5-25 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Step 7 Align the chassis side rails on the IPS 4270-20 with the slide assembly on both sides of the rack, release the blue slide tab (by either pulling the tab forward or [...]

  • Page 118

    5-26 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Step 9 Install the electrical cables at the back of the IPS 4270-20. For More Information • For the procedure for installing the cable management arm, see Installing[...]

  • Page 119

    5-27 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit To extend the IPS 4270-20 from the rack, follow these steps: Step 1 Pull the quick-release levers on each side of the front bezel of the IPS 4270-20 to release it [...]

  • Page 120

    5-28 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Step 3 To completely remove the IPS 4270-20 from the rack, disconnect the cables from the back of the IPS 4270-20, push the release tab in the middle of the slide assembl[...]

  • Page 121

    5-29 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit To install the cable management arm, follow these steps: Step 1 Align the slide bracket on the cable management arm with the stud on the back of the IPS 4270-20 and[...]

  • Page 122

    5-30 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Step 2 Attach the cable trough to the back of the rack by pushing the lower metal tab on the cable management arm into the slide assembly, then lifting the spring pin to [...]

  • Page 123

    5-31 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Step 3 Route the cables through the cable trough and secure the cables with the Velcro straps and black tie wraps. Note After you route the cables through the[...]

  • Page 124

    5-32 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Step 4 Attach the cable management arm stop bracket to the ride side of the back of the rack by inserting the stop bracket into the cable management arm bracket. Conver [...]

  • Page 125

    5-33 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit To convert the cable management arm swing, follow these steps: Step 1 Pull up the spring pin and slide the bracket off the cable management arm.[...]

  • Page 126

    5-34 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Step 2 Remove the bottom sliding bracket and flip it over to the top of the bracket aligning the studs.[...]

  • Page 127

    5-35 Chapter 5 Installing the IPS 4270-20 Installing the IPS 4270-20 Step 3 On the other side of the sliding bracket, align the spring pin with the studs and key holes, and slide until the pin snaps into place. Note The sliding bracket onl[...]

  • Page 128

    5-36 Chapter 5 Installing the IPS 4270-20 Installing the IPS 4270-20 with standard practices for preventing accidents. Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings th[...]

  • Page 129

    5-37 Chapter 5 Installing the IPS 4270-20 Installing the IPS 4270-20 Step 4 Connect the RJ-45 to DB-9 adapter connector to the console port and connect the other end to the DB-9 connector on your computer. Computer serial port DB-9[...]

  • Page 130

    5-38 Chapter 5 Installing the IPS 4270-20 Installing the IPS 4270-20 Step 5 Attach the network cables. The IPS 4270-20 has the following interfaces: • Management 0/0 (MGMT 0/0) is the command and control port. • GigabitEthernet slot_num[...]

  • Page 131

    5-39 Chapter 5 Installing the IPS 4270-20 Removing and Replacing the Chassis Cover For More Information • For more information on working with electrical power and in an ESD environment, see Safety Recommendations, page 2-2. • F[...]

  • Page 132

    5-40 Chapter 5 Installing the IPS 4270-20 Removing and Replacing the Chassis Cover Warning This unit might have more than one power supply connection. All connections must be removed to de-energize the unit. Statement 1028 Note Removing the appl[...]

  • Page 133

    5-41 Chapter 5 Installing the IPS 4270-20 Removing and Replacing the Chassis Cover Step 8 Lift up the cover latch on the top of the chassis. Step 9 Slide the chassis cover back and up to remove it. Caution Do not operate the IPS 4270-20 w[...]

  • Page 134

    5-42 Chapter 5 Installing the IPS 4270-20 Accessing the Diagnostic Panel Note Make sure the chassis cover is securely locked into place before powering up the IPS 4270-20. Step 11 Reattach the power cables to the IPS 4270-20. Step 12 Reinstal[...]

  • Page 135

    5-43 Chapter 5 Installing the IPS 4270-20 Installing and Removing Interface Cards Installing and Removing Interface Cards Caution Follow proper safety procedures when performing these steps by reading the safety warnings in Regula[...]

  • Page 136

    5-44 Chapter 5 Installing the IPS 4270-20 Installing and Removing Interface Cards Step 8 To unlock the expansion card slot, push down on the center part of the blue tab and open the latch. Step 9 To uninstall a card, lift the card out of t[...]

  • Page 137

    5-45 Chapter 5 Installing the IPS 4270-20 Installing and Removing the Power Supply For More Information • For an illustration of the expansion card slots, see Figure 5-7 on page 5-10. • For an illustration of the supported interface [...]

  • Page 138

    5-46 Chapter 5 Installing the IPS 4270-20 Installing and Removing the Power Supply Step 5 Use the T-15 Torx screwdriver that shipped with the IPS 4270-20 to remove the shipping screw. The T-15 Torx screwdriver is located to the right of p[...]

  • Page 139

    5-47 Chapter 5 Installing the IPS 4270-20 Installing and Removing the Power Supply Step 6 Remove the power supply by pulling it away from the chassis.[...]

  • Page 140

    5-48 Chapter 5 Installing the IPS 4270-20 Installing and Removing the Power Supply Step 7 Install the power supply. Make sure the handle is open and slide the power supply into the bay.[...]

  • Page 141

    5-49 Chapter 5 Installing the IPS 4270-20 Installing and Removing the Power Supply Step 8 Lock the power supply handle. Step 9 Reconnect the power cables. Be sure that the power supply indicator is green and the front panel health indica[...]

  • Page 142

    5-50 Chapter 5 Installing the IPS 4270-20 Installing and Removing Fans Installing and Removing Fans There are six fans in the IPS 4270-20. The IPS 4270-20 supports redundant hot-pluggable fans in a 5 + 1 configuration to provide proper airflow [...]

  • Page 143

    5-51 Chapter 5 Installing the IPS 4270-20 Installing and Removing Fans Step 4 Remove the failed fan by grasping the red plastic handle and pulling up. Note Remove and replace one fan at a time. If the IPS 4270-20 detects two failed fans, [...]

  • Page 144

    5-52 Chapter 5 Installing the IPS 4270-20 Troubleshooting Loose Connections Troubleshooting Loose Connections Perform the following actions to troubleshoot loose connections on sensors: • Make sure all power cords are securely connected.[...]

  • Page 145

    6-1 CHAPTER 6 Installing the IPS 4345 and IPS 4360 Contents This chapter describes the Cisco IPS 4345 and the IPS 4360, and includes the following sections: • Installation Notes and Caveats, page 6-1 • Product Overview, page [...]

  • Page 146

    6-2 Chapter 6 Installing the IPS 4345 and IPS 4360 Product Overview Product Overview The IPS 4345 delivers 500 Megabits of intrusion prevention performance. You can use the IPS 4345 to protect both half Gigabit subnets and aggregated tr[...]

  • Page 147

    6-3 Chapter 6 Installing the IPS 4345 and IPS 4360 Specifications Operating power Steady state/maximum 372W 382W Total heat dissipation 730 BTU/hr 730 BTU/hr Output hold-up time 20mS 12mS Inrush current 40A 40A Environment Tempe[...]

  • Page 148

    6-4 Chapter 6 Installing the IPS 4345 and IPS 4360 Accessories Accessories Figure 6-1 and Figure 6-2 display the contents of the sensor packing box, which contains the items you need to install the sensor. Figure 6-1 IPS 4345 Packing Box Co[...]

  • Page 149

    6-5 Chapter 6 Installing the IPS 4345 and IPS 4360 Front and Back Panel Features Figure 6-2 IPS 4360 Packing Box Contents Front and Back Panel Features This section describes the IPS 4345 and IPS 4360 front and back panel featur[...]

  • Page 150

    6-6 Chapter 6 Installing the IPS 4345 and IPS 4360 Front and Back Panel Features Figure 6-4 shows the indicators for the IPS 4345. These indicators are also found on the back panel of the IPS 4345. Figure 6-4 IPS 4345 Indicators Figure 6-5 [...]

  • Page 151

    6-7 Chapter 6 Installing the IPS 4345 and IPS 4360 Front and Back Panel Features Figure 6-6 shows the back panel features of the IPS 4345. Figure 6-6 IPS 4345 Back Panel Features PS1 Indicates the state of the power supply module i[...]

  • Page 152

    6-8 Chapter 6 Installing the IPS 4345 and IPS 4360 Front and Back Panel Features Figure 6-7 shows the back panel features of the IPS 4360. Figure 6-7 IPS 4360 Back Panel Features Table 6-3 describes the rear MGMT and network interface i[...]

  • Page 153

    6-9 Chapter 6 Installing the IPS 4345 and IPS 4360 Rack Mount Installation Rack Mount Installation This section describes how to rack mount the 4300 series chassis, and contains the following topics: • Rack-Mounting Guidelines, page [...]

  • Page 154

    6-10 Chapter 6 Installing the IPS 4345 and IPS 4360 Rack Mount Installation Installing the IPS 4345 in a Rack The IPS 4345 ships with the rack mount brackets installed on the front of the chassis. Use these brackets to mount the chassis to the [...]

  • Page 155

    6-11 Chapter 6 Installing the IPS 4345 and IPS 4360 Rack Mount Installation Step 4 Attach the chassis to the rack using the supplied screws (Figure 6-10). Figure 6-10 Rack-Mounting the Chassis Step 5 To remove the chassis from t[...]

  • Page 156

    6-12 Chapter 6 Installing the IPS 4345 and IPS 4360 Installing the Appliance on the Network Installing the Appliance on the Network Warning IMPORTANT SAFETY INSTRUCTIONS This warning symbol means danger. You are in a situation that could c[...]

  • Page 157

    6-13 Chapter 6 Installing the IPS 4345 and IPS 4360 Installing the Appliance on the Network Step 4 Connect to the management port. Connect one RJ-45 connector to the management port and connect the other end to the management por[...]

  • Page 158

    6-14 Chapter 6 Installing the IPS 4345 and IPS 4360 Installing the Appliance on the Network Step 5 Connect to the console port. The console cable has a DB-9 connector on one end for the serial port on your computer, and the other end is an[...]

  • Page 159

    6-15 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing and Installing the Power Supply Step 8 Power on the appliance. Step 9 Initialize the appliance. Step 10 Install the most recent Cisco IPS software. You are now ready to c[...]

  • Page 160

    6-16 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing and Installing the Power Supply The power supplies each provide 400 W of output power and are used in a 1 + 1 redundant configuration. There is no input switch on the faceplate of the[...]

  • Page 161

    6-17 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing and Installing the Power Supply Table 6-4 describes the power supply indicator. The function of the indicator is the same for both the AC and DC power supplies. Remov[...]

  • Page 162

    6-18 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing and Installing the Power Supply To remove and install the AC power supply, follow these steps: Step 1 If you are adding an additional power supply, from the back of the applianc[...]

  • Page 163

    6-19 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing and Installing the Power Supply Step 3 Install the new power supply by aligning it with the power supply bay and pushing it into place until it is seated while supporting it [...]

  • Page 164

    6-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing and Installing the Power Supply Installing DC Input Power Warning The covers are an integral part of the safety design of the product. Do not operate the unit without the covers inst[...]

  • Page 165

    6-21 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing and Installing the Power Supply Figure 6-16 shows the back panel of the IPS 4345 with the DC power supply. Figure 6-16 IPS 4345 Back Panel Figure 6-17 shows the back panel o[...]

  • Page 166

    6-22 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing and Installing the Power Supply To connect the DC power supply on the appliance, follow these steps: Step 1 Make sure that the chassis ground is connected on the chassis before y[...]

  • Page 167

    6-23 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing and Installing the Power Supply Step 6 Identify the positive, negative, and ground feed positions for the DC power supply connection. The recommended wiring sequence is [...]

  • Page 168

    6-24 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing and Installing the Power Supply Figure 6-20 shows the DC power supply with lead wires. Figure 6-20 DC Power Supply with Lead Wires Step 7 Insert the exposed end of one of the gro[...]

  • Page 169

    6-25 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing and Installing the Power Supply Removing and Installing the DC Power Supply Note This procedure applies only to the appliances with a removable DC power supply (IPS 4360).[...]

  • Page 170

    6-26 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing and Installing the Power Supply c. Push the lever on the power supply to the left and remove the power supply by grasping the handle and then pulling the power supply out of the chassi [...]

  • Page 171

    CHAPTER 7-1 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 7 Installing the IPS 4510 and IPS 4520 Contents This chapter describes the Cisco IPS 4510 and IPS 4520, and includes the following sections: • Installation Notes and Caveats, page 7-1 • Product Overview, page 7-2 [...]

  • Page 172

    7-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Product Overview Warning Only trained and qualified personnel should install, replace, or service this equipment. Statement 49 Caution Read the safety warnings in the Regulatory Complia[...]

  • Page 173

    7-3 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Front and Back Panel Features IME The Intrusion Prevention System Manager Express (IME) 7.2.3 and later also support the IPS 4510 and IPS 4520. IME is a network management applicati[...]

  • Page 174

    7-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Front and Back Panel Features Figure 7-2 shows the front panel indicators. Figure 7-2 Front Panel Indicators Table 7-1 describes the front panel indicators on the IPS 4510 and IPS 45[...]

  • Page 175

    7-5 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Front and Back Panel Features PS1 Indicates the state of the power supply module installed on the right when facing the back panel: • Off—No power supply module present or no AC inp[...]

  • Page 176

    7-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Front and Back Panel Features Figure 7-3 shows the back panel features. Figure 7-3 Back Panel Features Figure 7-4 shows the power supply module indicators. Figure 7-4 Power Supply Mo[...]

  • Page 177

    7-7 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Front and Back Panel Features Table 7-2 describes the power supply module and fan module indicators. Table 7-3 describes the Ethernet port indicators. Table 7-2 Power Supp[...]

  • Page 178

    7-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Specifications Specifications Table 7-4 lists the specifications for the IPS 4510 and IPS 4520. 10-Gigabit Ethernet Fiber (SFP+)/1-Gigabit Ethernet Fiber (SFP) • Left side: – Off—No [...]

  • Page 179

    7-9 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Accessories Accessories The contents of the sensor packing box contains the following items you need to install the sensor: • Sensor chassis • Documentation • 2 Yellow Etherne[...]

  • Page 180

    7-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Memory Configurations Memory Configurations The IPS 4510 and IPS 4520 have up to 6 DIMM modules per CPU. DIMM population is platform-dependent. Table 7-5 shows the memory configurat[...]

  • Page 181

    7-11 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing the IPS 4510 and IPS 4520 Table 7-7 lists the SFP/SFP+ modules that the IPS 4510 and IPS 4520 support. Installing the IPS 4510 and IPS 4520 The IPS 4510 and IPS 4520 hav[...]

  • Page 182

    7-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing the IPS 4510 and IPS 4520 b. Connect one RJ-45 connector to the Management 0/0 interface. c. Connect the other end of the Ethernet cable to the Ethernet port on your computer or to [...]

  • Page 183

    7-13 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing the IPS 4510 and IPS 4520 b. Connect one end of the LC cable to the SFP/SFP+ module. c. Connect the other end of the LC cable to a network device, such as a router or switch. St[...]

  • Page 184

    7-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Removing and Installing the Core IPS SSP Step 6 Power on the sensor. Caution If the appliance is subjected to environmental overheating, it shuts down and you must manually power cycle it t[...]

  • Page 185

    7-15 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Removing and Installing the Core IPS SSP Step 7 Grasp the ejection levers at the left and right bottom of the designated slot and pull them out. Step 8 Grasp the sides of the module[...]

  • Page 186

    7-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Removing and Installing the Power Supply Module Removing and Installing the Power Supply Module The IPS 4510 ships with one power supply module and one fan module installed, and the IPS 4520 s[...]

  • Page 187

    7-17 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Removing and Installing the Power Supply Module Step 5 Install the new power supply module by aligning it with the power supply module bay and pushing it into place until it is seated.[...]

  • Page 188

    7-18 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Removing and Installing the Fan Module Removing and Installing the Fan Module The IPS 4510 ships with one power supply module and one fan module installed, and the IPS 4520 ships with two pow[...]

  • Page 189

    7-19 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing the Slide Rail Kit Hardware Step 3 Install the new fan module by aligning it with the fan module bay and pushing it into place until it is seated. Step 4 Tighten the captive[...]

  • Page 190

    7-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing and Removing the Slide Rail Kit Figure 7-5 shows all of the brackets that can be removed for the fixed rack mount. Figure 7-5 Brackets for the Fixed Rack Mount Step 4 Attach [...]

  • Page 191

    7-21 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing and Removing the Slide Rail Kit Package Contents The slide rail kit package contains the following items: • Left and right slide rails • Six #10-32 screws • Two #10-3[...]

  • Page 192

    7-22 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing and Removing the Slide Rail Kit For square hole posts, square studs must be attached fully inside the square hole on the rack rail. For threaded hole posts, the round stud must full [...]

  • Page 193

    7-23 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing and Removing the Slide Rail Kit Step 2 Secure the slide rail to the rack post with the provided #10-32 screws by tightening the screws at the front and rear end of the slid[...]

  • Page 194

    7-24 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing and Removing the Slide Rail Kit Step 3 For square hole racks, install one #10-32 cage nut on each side of the rack rail (Figure 7-10). Leave one square hole spacing above the slide [...]

  • Page 195

    7-25 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing and Removing the Slide Rail Kit Step 4 Install the chassis on the outer rail. Make sure that the U-bars are aligned to the outer rail evenly, then push the chassis into the[...]

  • Page 196

    7-26 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing and Removing the Slide Rail Kit Step 5 Tighten the screws to secure the chassis to the rack (Figure 7-12). Use the upper hole to secure the chassis to the rack. a. For square h [...]

  • Page 197

    7-27 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing and Removing the Slide Rail Kit Removing the Chassis from the Rack To remove the chassis from the rack, follow these steps: Step 1 Remove the screws from the front brack[...]

  • Page 198

    7-28 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing and Removing the Slide Rail Kit Step 3 Press down the release hook to remove the chassis from the rack (Figure 7-14). Figure 7-14 Pressing Down the Release Hook[...]

  • Page 199

    7-29 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Rack-Mounting the Chassis Using the Fixed Rack Mount Step 4 Remove the two screws from the front and rear of the rack that are securing the slide rail, and release the latch and p[...]

  • Page 200

    7-30 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Rack-Mounting the Chassis Using the Fixed Rack Mount Step 2 Position the front bracket on the side of the sensor and line up the bracket screws with the screw holes on the sensor. Step 3 Tighte[...]

  • Page 201

    7-31 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Rack-Mounting the Chassis Using the Fixed Rack Mount Step 9 (Optional) Install the proper slide-mount brackets on to the rear bracket on the chassis. Step 10 (Optional) For adde[...]

  • Page 202

    7-32 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing the Cable Management Brackets Installing the Cable Management Brackets The IPS 4510 and IPS 4520 ship with two cable management brackets that you can use to organize the cables[...]

  • Page 203

    7-33 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Troubleshooting Loose Connections Figure 7-17 Cable Management Brackets for the Slide Rail Step 4 Tighten the screws into the rack. Step 5 Reattach the power cable to the [...]

  • Page 204

    7-34 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 IPS 4500 Series Sensors and the Switch App IPS 4500 Series Sensors and the Switch App The 4500 series sensors have a built in switch that provides the external monitoring interfaces of the sens[...]

  • Page 205

    CHAPTER 8-1 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 8 Installing and Removing the ASA 5500 AIP SSM Contents This chapter describes the ASA 5500 AIP SSM and contains the following sections: • Installation Notes and Caveats, page 8-1 • Product Overview, page 8-2 • S[...]

  • Page 206

    8-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 8 Installing and Removing the ASA 5500 AIP SSM Product Overview Product Overview The Cisco ASA Advanced Inspection and Prevention Security Services Module (ASA 5500 AIP SSM) is the IPS plug-in module in the Cisco ASA 5500 ser[...]

  • Page 207

    8-3 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 8 Installing and Removing the ASA 5500 AIP SSM Product Overview In promiscuous mode, the IPS receives packets over the GigabitEthernet interface, examines them for intrusive behavior, and generates alerts based on a [...]

  • Page 208

    8-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 8 Installing and Removing the ASA 5500 AIP SSM Specifications Specifications Table 8-1 lists the specifications for the ASA 5500 AIP SSM: Memory Specifications Table 8-2 lists the memory specifications for the ASA 5500 AIP SS[...]

  • Page 209

    8-5 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 8 Installing and Removing the ASA 5500 AIP SSM Indicators Indicators Figure 8-3 shows the ASA 5500 AIP SSM indicators. Figure 8-3 ASA 5500 AIP SSM Indicators Table 8-3 describes the ASA 5500 AIP SSM indicators. Inst[...]

  • Page 210

    8-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 8 Installing and Removing the ASA 5500 AIP SSM Installation and Removal Instructions Step 3 Remove the two screws at the left back end of the chassis, and remove the slot cover. Note Store the slot cover in a safe place for futu[...]

  • Page 211

    8-7 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 8 Installing and Removing the ASA 5500 AIP SSM Installation and Removal Instructions • For the procedure for using HTTPS to log in to the IDM, refer to Logging In to the IDM. Verifying the Status of the ASA 5500 AIP SSM [...]

  • Page 212

    8-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 8 Installing and Removing the ASA 5500 AIP SSM Installation and Removal Instructions Step 5 Locate the grounding strap from the accessory kit and fasten it to your wrist so that it contacts your bare skin. Attach the other end to the [...]

  • Page 213

    CHAPTER 9-1 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 9 Installing and Removing the ASA 5585-X IPS SSP Contents This chapter describes the Cisco ASA 5585-X IPS SSP, and contains the following sections: • Installation Notes and Caveats, page 9-1 • Introducing the ASA 5585-X[...]

  • Page 214

    9-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Introducing the ASA 5585-X IPS SSP Introducing the ASA 5585-X IPS SSP You can install the Cisco Intrusion Prevention System Security Services Processor (ASA 5585-X IPS SSP) in the ASA[...]

  • Page 215

    9-3 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Specifications another power supply module for a redundant power supply configuration. The SSP-10 with IPS SSP-10 has two CPUs, six DIMM modules, two embedded crypto accelera[...]

  • Page 216

    9-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Hardware and Software Requirements Hardware and Software Requirements The ASA 5585-X IPS SSP has the following hardware and software requirements: • Cisco ASA 5585-X adaptive secur[...]

  • Page 217

    9-5 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Front Panel Features Figure 9-2 shows the front view of IPS SSP-40 and IPS SSP-60. Note The illustration shows IPS SSP-40, but it applies to both the -40 and the -60 models. Figu[...]

  • Page 218

    9-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Front Panel Features Figure 9-3 shows the front panel indicators. Figure 9-3 ASA 5585-X IPS SSP Front Panel Indicators 5 TenGigabitEthernet 1/9 (10-Gb fiber, SFP, or SFP+) 14 [...]

  • Page 219

    9-7 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Front Panel Features Table 9-2 describes the front panel indicators on the ASA 5585-X IPS SSP. Table 9-2 ASA 5585-X IPS SSP Front Panel Indicators Indicator Description[...]

  • Page 220

    9-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Memory Requirements Table 9-3 shows the Ethernet port indicators. Memory Requirements The ASA-5585-X has up to 6 DIMM modules per CPU. DIMM population is platform-dependent[...]

  • Page 221

    9-9 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP SFP/SFP+ Modules SFP/SFP+ Modules The SFP/SFP+ module is a hot-swappable input/output device that plugs into the SFP/SFP+ ports and provides Gigabit Ethernet connectivity. The[...]

  • Page 222

    9-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Installing the ASA 5585-X IPS SSP Step 3 From the front panel of the ASA 5585-X, loosen the captive screws on the upper left and right of the slot tray (slot 1), and remove it. Store[...]

  • Page 223

    9-11 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Installing SFP/SFP+ Modules For More Information • For more information about ESD, see Preventing Electrostatic Discharge Damage, page 2-3. • For the procedure for verif[...]

  • Page 224

    9-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Verifying the Status of the ASA 5585-X IPS SSP To connect to the SFP/SFP+ port if you are using fiber ports, follow these steps: Step 1 Install the SFP/SFP+ module. Step 2 Connect one e[...]

  • Page 225

    9-13 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Removing and Replacing the ASA 5585-X IPS SSP To verify the status of the ASA 5585-X IPS SSP, follow these steps: Step 1 Log in to the adaptive security appliance. Step 2 Verif [...]

  • Page 226

    9-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Removing and Replacing the ASA 5585-X IPS SSP Step 7 Grasp the ejection levers at the left and right bottom of the module slot and pull them out. Step 8 Grasp the sides of the AS[...]

  • Page 227

    9-15 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Removing and Replacing the ASA 5585-X IPS SSP Step 11 Replace the screws. Step 12 Reconnect the power cable to the ASA 5585-X. Step 13 Power on the ASA 5585-X. Step 14 Verify[...]

  • Page 228

    9-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Removing and Replacing the ASA 5585-X IPS SSP[...]

  • Page 229

    A-1 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 APPENDIX A Logging In to the Sensor Contents This chapter explains how to log in to the sensor. All IPS platforms allow ten concurrent log in sessions. It contains the following sections: • Supported User Roles, page A-1 • Loggin[...]

  • Page 230

    A-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix A Logging In to the Sensor Logging In to the Appliance For More Information For the procedure for creating the service account, refer to Creating the Service Account, page E-5. Logging In to the Appliance Note You can log[...]

  • Page 231

    A-3 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix A Logging In to the Sensor Connecting an Appliance to a Terminal Server Connecting an Appliance to a Terminal Server A terminal server is a router with multiple, low speed, asynchronous ports that are connected to other[...]

  • Page 232

    A-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix A Logging In to the Sensor Logging In to the ASA 5500 AIP SSP Logging In to the ASA 5500 AIP SSP You log in to the ASA 5500 AIP SSM from the adaptive security appliance. To session in to the ASA 5500 AIP SSM from the adaptiv[...]

  • Page 233

    A-5 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix A Logging In to the Sensor Logging In to the ASA 5500-X IPS SSP Logging In to the ASA 5500-X IPS SSP You log in to the ASA 5500-X IPS SSP from the adaptive security appliance. To session in to the ASA 5500-X IPS SSP from[...]

  • Page 234

    A-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix A Logging In to the Sensor Logging In to the ASA 5585-X IPS SSP For More Information For the procedure for using the setup command to initialize the ASA 5500-X IPS SSP, see Advanced Setup for the ASA 5500-X IPS SSP, page B-17[...]

  • Page 235

    A-7 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix A Logging In to the Sensor Logging In to the Sensor For More Information For the procedure for initializing the ASA 5585-X IPS SSP using the setup command, see Advanced Setup for the ASA 5585-X IPS SSP, page B-21. Logg[...]

  • Page 236

    A-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix A Logging In to the Sensor Logging In to the Sensor[...]

  • Page 237

    B-1 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 APPENDIX B Initializing the Sensor Contents This chapter describes how to use the setup command to initialize the sensor, and contains the following sections: • Understanding Initialization, page B-1 • Simplified Setup Mode, page B-[...]

  • Page 238

    B-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Simplified Setup Mode Simplified Setup Mode The sensor automatically calls the setup command when you connect to the sensor using a console cable and the sensor basic network settings have not yet been co[...]

  • Page 239

    B-3 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor System Configuration Dialog Default settings are in square brackets '[]'. Current time: Wed Nov 11 21:19:51 2009 Setup Configuration last modified: Enter host name[sensor]: Enter IP interface[[...]

  • Page 240

    B-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Basic Sensor Setup Purpose: Tracks product efficacy Participation Level = "Full" additionally includes: * Type of Data: Victim IP Address and port Purpose: Detect threat behavioral patterns Do you agre[...]

  • Page 241

    B-5 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Basic Sensor Setup Step 7 You must configure a DNS server or an HTTP proxy server for global correlation to operate: a. Enter yes to add a DNS server, and then enter the DNS server IP a[...]

  • Page 242

    B-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Basic Sensor Setup o. Specify the standard time zone offset. Specify the standard time zone offset from UTC in minutes (negative numbers represent time zones west of the Prime Meridian). The default is[...]

  • Page 243

    B-7 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup exit service global-correlation network-participation full exit [0] Go to the command prompt without saving this config. [1] Return to setup without saving this config. [2] Save this config[...]

  • Page 244

    B-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup Note Adding new subinterfaces is a two-step process. You first organize the interfaces when you edit the virtual sensor configuration. You then choose which interfaces and subinterfaces a[...]

  • Page 245

    B-9 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup Note The following options let you create and delete interfaces. You assign the interfaces to virtual sensors in the virtual sensor configuration. If you are using promiscuous mode fo[...]

  • Page 246

    B-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup [3] Add/Modify Promiscuous Vlan Groups. [4] Add/Modify Inline Interface Pairs. [5] Add/Modify Inline Interface Pair Vlan Groups. [6] Modify interface default-vlan. Option: Step 14 Enter 4 to ad [...]

  • Page 247

    B-11 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup Step 21 Enter 4 to add inline interface pair NewPair. Step 22 Press Enter to return to the top-level virtual sensor menu. Virtual Sensor: vs0 Anomaly Detection: ad0 Event Action R[...]

  • Page 248

    B-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup subinterface-type inline-vlan-pair subinterface 1 description Created via setup by user asmith vlan1 200 vlan2 300 exit exit exit physical-interfaces GigabitEthernet0/1 admin-state enabled exit p[...]

  • Page 249

    B-13 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup Step 30 Apply the most recent service pack and signature update. You are now ready to configure your appliance for intrusion prevention. For More Information • For the procedure f[...]

  • Page 250

    B-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup Note You do not need to configure interfaces on the ASA 5500 AIP SSM. You should ignore the modify interface default VLAN setting. The separation of traffic across virtual sensors is co[...]

  • Page 251

    B-15 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup Step 15 Enter 1 to use the existing anomaly detection configuration, ad0. Signature Definition Configuration [1] sig0 [2] Create a new signature definition configuration Option[2]: Step [...]

  • Page 252

    B-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup no login-banner-text exit time-zone-settings offset 0 standard-time-zone-name UTC exit summertime-option disabled ntp-option disabled exit service web-server port 342 exit service analysis-engine[...]

  • Page 253

    B-17 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup For More Information • For the procedure for obtaining the most recent IPS software, see Obtaining Cisco IPS Software, page C-1 • For the procedure for using HTTPS to log in to the[...]

  • Page 254

    B-18 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup [1] Modify interface default-vlan. Option: Step 8 Press Enter to return to the top-level interface and virtual sensor configuration menu. [1] Edit Interface Configuration [2] Edit Virtual Sens[...]

  • Page 255

    B-19 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup Step 17 Enter the signature-definition configuration name, newSig. Event Action Rules Configuration [1] rules0 [2] Create a new event action rules configuration Option[2]: Step 18 Ente [...]

  • Page 256

    B-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup exit service web-server port 342 exit service analysis-engine virtual-sensor newVs description New Sensor signature-definition newSig event-action-rules rules0 anomaly-detection anomaly-detection[...]

  • Page 257

    B-21 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup – Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.1 Advanced Setup for the ASA 5585-X IPS SSP To continue with advanced setup for the ASA 5585-X IPS [...]

  • Page 258

    B-22 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup Step 9 Enter 2 to edit the virtual sensor configuration. [1] Remove virtual sensor. [2] Modify "vs0" virtual sensor configuration. [3] Create new virtual sensor. Option: Step 10 Enter[...]

  • Page 259

    B-23 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advanced Setup Note If PortChannel 0/0 has not been assigned to vs0, you are prompted to assign it to the new virtual sensor. Virtual Sensor: newVs Anomaly Detection: ad0 Event Action Rules: rules0[...]

  • Page 260

    B-24 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Verifying Initialization event-action-rules rules0 anomaly-detection anomaly-detection-name ad0 exit physical-interfaces PortChannel0/0 exit exit service event-action-rules rules0 overrides deny-packet-inli[...]

  • Page 261

    B-25 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Verifying Initialization To verify that you initialized your sensor, follow these steps: Step 1 Log in to the sensor. Step 2 View your configuration. sensor# show configuration ! ------------------[...]

  • Page 262

    B-26 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Verifying Initialization summary-mode fire-all exit exit status enabled true exit exit exit ! ------------------------------ service ssh-known-hosts rsa1-keys 10.89.146.1 length 1024 exponent 35 modulus 127[...]

  • Page 263

    CHAPTER C-1 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 C Obtaining Software Contents This chapter provides information on obtaining Cisco IPS software for the sensor. It contains the following sections: • Obtaining Cisco IPS Software, page C-1 • IPS 7.1 Files, page C-2[...]

  • Page 264

    C-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtaining Software IPS 7.1 Files Step 3 Under Select a Software Product Category, choose Security Software. Step 4 Choose Intrusion Prevention System (IPS). Step 5 Enter your username and password. Step 6 In the Download Sof[...]

  • Page 265

    C-3 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtaining Software IPS Software Versioning IPS Software Versioning When you download IPS software images from Cisco.com, you should understand the versioning scheme so that you know which files are base files, which[...]

  • Page 266

    C-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtaining Software IPS Software Versioning Figure C-1 illustrates what each part of the IPS software file represents for major and minor updates, service packs, and patch releases. Figure C-1 IPS Software File Name for Maj [...]

  • Page 267

    C-5 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtaining Software IPS Software Versioning Signature Engine Update A signature engine update is an executable file containing binary code to support new signature updates. Signature engine files require a specific se[...]

  • Page 268

    C-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtaining Software IPS Software Release Examples IPS Software Release Examples Table C-1 lists platform-independent Cisco IPS software release examples. Table C-2 describes platform-dependent software release examp[...]

  • Page 269

    C-7 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtaining Software Accessing IPS Documentation Table C-1 describes the platform identifiers used in platform-specific names. For More Information For instructions on how to access these files on Cisco.com, see Ob[...]

  • Page 270

    C-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtaining Software Cisco Security Intelligence Operations Note Although you will see references to other IPS documentation sites on Cisco.com, this is the site with the most complete and up-to-date IPS documentation. Step 5 Click [...]

  • Page 271

    C-9 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtaining Software Obtaining a License Key From Cisco.com • Obtaining a License for the IPS 4270-20, page C-14 • Licensing the ASA 5500-X IPS SSP, page C-15 • Uninstalling the License Key, page C-15 Understanding[...]

  • Page 272

    C-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtaining Software Obtaining a License Key From Cisco.com When you purchase the following IPS products you must also purchase a Cisco Services for IPS service contract: • IPS 4240 • IPS 4255 • IPS 4260 • IPS 4270-20 ?[...]

  • Page 273

    C-11 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtaining Software Obtaining a License Key From Cisco.com Step 3 The Licensing pane displays the status of the current license. If you have already installed your license, you can click Download to save it if ne[...]

  • Page 274

    C-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtaining Software Obtaining a License Key From Cisco.com Use the copy source-url license_file_name license-key command to copy the license key to your sensor. The following options apply: • source-url—The location o[...]

  • Page 275

    C-13 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtaining Software Obtaining a License Key From Cisco.com Note You must have the correct IPS device serial number and product identifier (PID) because the license key only functions on the device with that number. S[...]

  • Page 276

    C-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtaining Software Obtaining a License Key From Cisco.com For More Information • For the procedure for adding a remote host to the SSH known hosts list, for the IDM refer to Defining Known Hosts Keys, for the IME refer to [...]

  • Page 277

    C-15 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtaining Software Obtaining a License Key From Cisco.com Licensing the ASA 5500-X IPS SSP For the ASA 5500-X series adaptive security appliances with the IPS SSP, the ASA requires the IPS Module license. To view y[...]

  • Page 278

    C-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtaining Software Obtaining a License Key From Cisco.com system is using 33.6M out of 160.0M bytes of available disk space (21% usage) application-data is using 70.5M out of 169.4M bytes of available disk space (44% usage) boot is[...]

  • Page 279

    D-1 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 APPENDIX D Upgrading, Downgrading, and Installing System Images Contents This chapter describes how to upgrade, downgrade, and install system images. It contains the following sections: • System Image Notes and Caveats, pag[...]

  • Page 280

    D-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Upgrades, Downgrades, and System Images • You cannot use the downgrade command to revert to a previous major or minor version, for example, from Cisco IPS 7.1 to 7.0.[...]

  • Page 281

    D-3 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Upgrading the Sensor For More Information • For the procedure for downloading IPS software updates from Cisco.com, see Obtaining Cisco IPS Software, page C-1. ?[...]

  • Page 282

    D-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Upgrading the Sensor Note You are prompted for a password. – scp:—Source URL for the SCP network server. The syntax for this prefix is: scp://[[username@]locat[...]

  • Page 283

    D-5 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Upgrading the Sensor Note Major updates, minor updates, and service packs may force a restart of the IPS processes or even force a reboot of the sensor to compl[...]

  • Page 284

    D-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Configuring Automatic Upgrades Upgrading the Recovery Partition Use the upgrade command to upgrade the recovery partition with the most recent version so that it is ready i[...]

  • Page 285

    D-7 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Configuring Automatic Upgrades Understanding Automatic Upgrades Caution In IPS 7.1(5)E4 and later the default value of the Cisco server IP address has been cha[...]

  • Page 286

    D-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Configuring Automatic Upgrades • schedule-option—Specifies the schedules for when Cisco server automatic upgrades occur. Calendar scheduling starts upgrades at spec[...]

  • Page 287

    D-9 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Configuring Automatic Upgrades Step 3 Configure the sensor to automatically look for new upgrades either on Cisco.com or on your file server: a. On Cisco.com. Contin[...]

  • Page 288

    D-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Downgrading the Sensor user-name: tester password: <hidden> file-copy-protocol: ftp default: scp ----------------------------------------------- sensor(config-hos-ena)# S[...]

  • Page 289

    D-11 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Recovering the Application Partition Recovering the Application Partition You can recover the application partition image for the sensor if it becomes unusable. Some [...]

  • Page 290

    D-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images For More Information • For the procedure for upgrading the recovery partition to the most recent version, see Upgrading the Recovery Partition, pa[...]

  • Page 291

    D-13 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images TFTP Servers ROMMON uses TFTP to download an image and launch it. TFTP does not address network issues such as latency or error recovery.[...]

  • Page 292

    D-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images Installing the IPS 4270-20 System Image You can install the IPS 4270-20 system image by using the ROMMON on the appliance to TFTP the system image [...]

  • Page 293

    D-15 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images • Gateway—Specifies the gateway IP address used by the IPS 4270-20. • Port—Specifies the Ethernet interface used for IPS 4270-20 manag[...]

  • Page 294

    D-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images Step 11 Download and install the system image. rommon> tftp Caution To avoid corrupting the system image, do not remove power from the IPS 42[...]

  • Page 295

    D-17 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images 00 1D 04 8086 25AB System 00 1D 05 8086 25AC IRQ Controller 00 1D 07 8086 25AD Serial Bus 9 00 1E 00 8086 244E PCI-to-PCI Bridge 00 1F 00 8086 25A[...]

  • Page 296

    D-18 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images • Config—Unused by these platforms. Note Not all values are required to establish network connectivity. The address, server, gateway, and[...]

  • Page 297

    D-19 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images Step 11 Enter set and press Enter to verify the network settings. Note You can use the sync command to store these settings in NVRAM so they [...]

  • Page 298

    D-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images Use BREAK or ESC to interrupt boot. Use SPACE to begin boot immediately. The system enters ROMMON mode. The rommon> prompt appears. Step 4 Check[...]

  • Page 299

    D-21 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images Step 9 If necessary define the path and filename on the TFTP file server from which you are downloading the image. rommon> IMAGE= path/fil[...]

  • Page 300

    D-22 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images To install the system image on the ASA 5500-X IPS SSP, follow these steps: Step 1 Download the IPS system image file corresponding to your ASA pl[...]

  • Page 301

    D-23 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images Note To debug any errors that may happen in the recovery process, use the debug module-boot command to enable debugging of the system reimag[...]

  • Page 302

    D-24 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images Step 3 Enter enable mode. asa# enable Step 4 Configure the recovery settings for the ASA 5585-X IPS SSP. asa (enable)# hw-module module 1 recover conf[...]

  • Page 303

    D-25 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images App. name: IPS App. Status: Up App. Status Desc: Normal Operation App. version: 7.1(3)E4 Data plane Status: Up Status: Up Mgmt IP addr: 192.0.2.0 [...]

  • Page 304

    D-26 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images Step 2 Boot the ASA 5585-X IPS SSP. Booting system, please wait... CISCO SYSTEMS Embedded BIOS Version 0.0(2)10 11:16:38 04/15/10 Com KbdBuf SMM UsbHid [...]

  • Page 305

    D-27 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images Note Not all values are required to establish network connectivity. The address, server, gateway, and image values are required. If [...]

  • Page 306

    D-28 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix D Upgrading, Downgrading, and Installing System Images Installing System Images Step 11 Enter set and press Enter to verify the network settings. Note You can use the sync command to store these settings in NVRAM so they are main[...]

  • Page 307

    E-1 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 APPENDIX E Troubleshooting Contents This appendix contains troubleshooting tips and procedures for sensors and software. It contains the following sections: • Preventive Maintenance, page E-1 • Disaster Recovery, page E-6 ?[...]

  • Page 308

    E-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Preventive Maintenance • Creating the Service Account, page E-5 Understanding Preventive Maintenance The following actions will help you maintain your sensor: • Back up a good configuration. If your curren [...]

  • Page 309

    E-3 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Preventive Maintenance sensor# copy /erase backup-config current-config Backing Up and Restoring the Configuration File Using a Remote Server Note We recommend copying the current configuration file[...]

  • Page 310

    E-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Preventive Maintenance Caution Copying a configuration file from another sensor may result in errors if the sensing interfaces and virtual sensors are not configured the same. Backing Up the Current Confi[...]

  • Page 311

    E-5 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Preventive Maintenance Creating the Service Account You can create a service account for TAC to use during troubleshooting. Although more than one user can have access to the sensor, only one user ca[...]

  • Page 312

    E-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Disaster Recovery ************************ WARNING ******************************************************* UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED. This account is intended to be used for support and[...]

  • Page 313

    E-7 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Recovering the Password • For the procedure for using a remote server to copy and restore a configuration file, see Backing Up and Restoring the Configuration File Using a Remote Server, page E[...]

  • Page 314

    E-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Recovering the Password Recovering the Password for the Appliance This section describes the two ways to recover the password for appliances. It contains the following topics: • Using the GRUB Menu, page E-8 ?[...]

  • Page 315

    E-9 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Recovering the Password Step 3 Enter the following commands to reset the password: confreg 0x7 boot Sample ROMMON session: Booting system, please wait... CISCO SYSTEMS Embedded BIOS Version 1.0(11)2 01/25/06 [...]

  • Page 316

    E-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Recovering the Password Mod MAC Address Range Hw Version Fw Version Sw Version --- --------------------------------- ------------ ------------ --------------- ips 503d.e59c.7c4c to 503d.e59c.7c4c N/A N/A 7.1(4)E4 Mo[...]

  • Page 317

    E-11 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Recovering the Password Using the ASDM To reset the password in the ASDM, follow these steps: Step 1 From the ASDM menu bar, choose Tools > IPS Password Reset. Note This option does not appear in the me[...]

  • Page 318

    E-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Recovering the Password Mod Status Data Plane Status Compatibility --- ------------------ --------------------- ------------- 1 Up Up Step 4 Session to the ASA 5585-X IPS SSP. asa# session 1 Opening command session[...]

  • Page 319

    E-13 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Recovering the Password Step 3 Click Close to close the dialog box. The sensor reboots. Disabling Password Recovery Caution If you try to recover the password on a sensor on which password recovery is d[...]

  • Page 320

    E-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Time Sources and the Sensor sensor (config)# service host sensor (config-hos)# Step 3 Verify the state of password recovery by using the include keyword to show settings in a filtered output. sensor(config-hos)# s[...]

  • Page 321

    E-15 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Time Sources and the Sensor The IPS Standalone Appliances • Use the clock set command to set the time. This is the default. • Configure the appliance to get its time from an NTP time synchronization sou[...]

  • Page 322

    E-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Advantages and Restrictions of Virtualization ... Step 3 Generate the hosts statistics again after a few minutes. sensor# show statistics host ... NTP Statistics remote refid st t when poll reach delay offset ji[...]

  • Page 323

    E-17 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Supported MIBs Virtualization has the following restrictions: • You must assign both sides of asymmetric traffic to the same virtual sensor. • Using VACL capture or SPAN (promiscuous monitoring) [...]

  • Page 324

    E-18 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting When to Disable Anomaly Detection Note CISCO-PROCESS-MIB is available on the sensor, but we do not support it. We know that some elements are not available. While you can use elements from CISCO-PROCES[...]

  • Page 325

    E-19 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Analysis Engine Not Responding • You must have a valid IPS license to allow global correlation features to function. • Global correlation features only contain external IP addresses, so if you p[...]

  • Page 326

    E-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting External Product Interfaces ----- MainApp N-2007_JUN_19_16_45 (Release) 2007-06-19T17:10:20-0500 Running AnalysisEngine N-2007_JUN_19_16_45 (Release) 2007-06-19T17:10:20-0500 Not Running CLI N-2007[...]

  • Page 327

    E-21 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance • You can configure a maximum of two external product devices. For More Information • For more information on working with OS maps and identifications, refer to Adding,[...]

  • Page 328

    E-22 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance The Appliance and Jumbo Packet Frame Size For IPS standalone appliances with 1 G and 10 G fixed or add-on interfaces, the maximum jumbo frame size is 9216 bytes. Note A jumbo [...]

  • Page 329

    E-23 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance • Check any interlock or interconnect indicators that indicate a component is not connected properly. • If problems continue, remove and reinstall each dev [...]

  • Page 330

    E-24 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance Cannot Access the Sensor CLI Through Telnet or SSH If you cannot access the sensor CLI through Telnet (if you already have it enabled) or SSH, follow these steps: Step 1 Log in t[...]

  • Page 331

    E-25 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance At any point you may enter a question mark '?' for help. User ctrl-c to abort configuration dialog at any prompt. Default settings are in square brackets '[]'[...]

  • Page 332

    E-26 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance For More Information • For the procedures for changing the IP address, changing the access list, and enabling and disabling Telnet, refer to Configuring Network Settin[...]

  • Page 333

    E-27 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance To verify that the sensor in question does not have an IP address conflict with another host on the network, follow these steps: Step 1 Log in to the CLI. Step 2 Determine wh[...]

  • Page 334

    E-28 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance For More Information • To make sure the sensor cabling is correct, refer to the chapter for your sensor in this document. • For the procedure for making sure the IP addr[...]

  • Page 335

    E-29 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance 6-0600 Upgrade History: IPS-K9-7.1-3-E4 00:30:07 UTC Wed Nov 16 2011 Recovery Partition Version 1.1 - 7.1(3)E4 Host Certificate Valid from: 16-Nov-2011 to 16-Nov-2013 sensor# Ste[...]

  • Page 336

    E-30 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance Total Bytes Received = 0 Missed Packet Percentage = 0 Current Bypass Mode = Auto_off MAC statistics from interface GigabitEthernet0/1 Media Type = backplane Missed Packet Percentage = [...]

  • Page 337

    E-31 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance For More Information • For the procedure for properly installing the sensing interface on your sensor, refer to the chapter on your appliance in this document. • For t[...]

  • Page 338

    E-32 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance Step 4 Make sure the sensor is seeing packets. sensor# show interfaces FastEthernet0/1 MAC statistics from interface FastEthernet0/1 Media Type = backplane Missed Packet Percentage = 0[...]

  • Page 339

    E-33 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance Pair Status = N/A Link Status = Down Link Speed = Auto_1000 Link Duplex = Auto_Full Total Packets Received = 0 Total Bytes Received = 0 Total Multicast Packets Received = 0 Total[...]

  • Page 340

    E-34 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance Total Jumbo Packets Received = 0 Total Undersize Packets Received = 0 Total Receive Errors = 0 Total Receive FIFO Overruns = 0 Total Packets Transmitted = 0 Total Bytes Transmitted = 0[...]

  • Page 341

    E-35 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance For More Information For more information on IPS system architecture, refer to System Architecture. Blocking This section provides troubleshooting help for blocking and[...]

  • Page 342

    E-36 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance Verifying ARC is Running Note The CLI output is an example of what your configuration may look like. It will not match exactly due to the optional setup choices, sensor model, and [...]

  • Page 343

    E-37 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance For More Information For more information on IPS system architecture, refer to System Architecture. Verifying ARC Connections are Active If the State is not Active in the [...]

  • Page 344

    E-38 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance Sensor up-time is 13 days. Using 4395M out of 5839M bytes of available memory (75% usage) system is using 26.2M out of 160.0M bytes of available disk space (16% usage) application-data[...]

  • Page 345

    E-39 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance Device Access Issues The ARC may not be able to access the devices it is managing. Make sure you have the correct IP address and username and password for the managed[...]

  • Page 346

    E-40 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance profile-name: r7200 block-interfaces (min: 0, max: 100, current: 1) ----------------------------------------------- interface-name: fa0/0 direction: in --------------------------------[...]

  • Page 347

    E-41 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance Step 5 Telnet to the router and verify that a deny entry for the blocked address exists in the router ACL. Refer to the router documentation for the procedure. Step [...]

  • Page 348

    E-42 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance default-signatures-only ----------------------------------------------- specify-service-ports ----------------------------------------------- no ---------------------------------------[...]

  • Page 349

    E-43 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance Step 4 Initiate a manual block to a bogus host IP address to make sure the master blocking sensor is initiating blocks. sensor# configure terminal sensor(config)# service net[...]

  • Page 350

    E-44 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance Logging TAC may suggest that you turn on debug logging for troubleshooting purposes. Logger controls what log messages are generated by each application by controlling the logg[...]

  • Page 351

    E-45 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance Step 9 Turn on individual zone control. sensor(config-log-mas)# individual-zone-control true sensor(config-log-mas)# show settings master-control ----------------------------[...]

  • Page 352

    E-46 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance zone-name: tls severity: warning <defaulted> ----------------------------------------------- sensor(config-log)# Step 12 Change the severity level (debug, timing, warning, o[...]

  • Page 353

    E-47 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance sensor(config-log)# show settings master-control ----------------------------------------------- enable-debug: true default: false individual-zone-control: true default: false --[...]

  • Page 354

    E-48 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance For More Information For a list of what each zone name refers to, see Zone Names, page E-48. Zone Names Table E-2 lists the debug logger zone names: For More Information T[...]

  • Page 355

    E-49 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance Directing cidLog Messages to SysLog It might be useful to direct cidLog messages to syslog. To direct cidLog messages to syslog, follow these steps: Step 1 Go to the idsRoot/e[...]

  • Page 356

    E-50 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance TCP Reset Not Occurring for a Signature If you do not have the event action set to reset, the TCP reset does not occur for a specific signature. Note TCP Resets are not supporte[...]

  • Page 357

    E-51 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance appInstanceId: 1004 signature: sigId=20000 sigName=STRING.TCP subSigId=0 version=Unknown addr: locality=OUT 172.16.171.19 port: 32771 victim: addr: locality=OUT 172.16.171.13 por[...]

  • Page 358

    E-52 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance For More Information • For more information on running the setup command, see Appendix B, “Initializing the Sensor.” • For more information on reimaging your sensor [...]

  • Page 359

    E-53 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the Appliance to download the chosen package from a Cisco file server. The IP address may change for the Cisco file server, but you can find it in the lastDownloadAttempt secti[...]

  • Page 360

    E-54 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the IDM Step 8 Upgrade the sensor. sensor(config)# upgrade scp://service@sensor_ip_address/upgrade/ips_package_file_name Enter password: ***** Re-enter password: ***** For More Informatio[...]

  • Page 361

    E-55 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the IDM d. Click the Cache tab. e. Click Clear. Step 3 If you have Java Plug-in 1.4.x installed: a. Click Start > Settings > Control Panel > Java Plug-in 1.4.x. b. Click the A[...]

  • Page 362

    E-56 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the IME telnet-option enabled access-list 0.0.0.0/0 ftp-timeout 300 no login-banner-text exit time-zone-settings offset 0 standard-time-zone-name UTC exit summertime-option disabled ntp-option disabl[...]

  • Page 363

    E-57 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500 AIP SSM Time Synchronization on the IME and the Sensor Symptom The IME displays No Data Available on the Events dashboard. A historical query does not return any e [...]

  • Page 364

    E-58 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500 AIP SSM • The ASA 5500 AIP SSM and Jumbo Packets, page E-62 • TCP Reset Differences Between IPS Appliances and ASA IPS Modules, page E-62 Health and Status Information T [...]

  • Page 365

    E-59 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500 AIP SSM 1 Up asa(config)# If you have problems with reimaging the ASA 5500 AIP SSM, use the debug module-boot command to see the output as the module boots. Make sure you have[...]

  • Page 366

    E-60 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500 AIP SSM Failover Scenarios The following failover scenarios apply to the ASA in the event of configuration changes, signature/signature engine updates, service packs, and Sensor[...]

  • Page 367

    E-61 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500 AIP SSM failover failover lan unit secondary failover lan interface folink GigabitEthernet0/7 failover interface ip folink 172.27.48.1 255.255.255.0 standby 172.27.48.2 The ASA 550[...]

  • Page 368

    E-62 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500 AIP SSM The ASA 5500 AIP SSM and the Data Plane Symptom The ASA 5500 AIP SSM data plane is kept in the Up state while applying signature updates. You can check the ASA [...]

  • Page 369

    E-63 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500-X IPS SSP Troubleshooting the ASA 5500-X IPS SSP Note Before troubleshooting the ASA 5500-X IPS SSP, check the Caveats section of the Readme for the software version installed on[...]

  • Page 370

    E-64 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500-X IPS SSP Two ASA 5500-Xs in Fail-Close Mode • If the ASAs are configured in fail-close mode, and if the ASA 5500-X IPS SSP on the active ASA experiences a configuration chang[...]

  • Page 371

    E-65 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500-X IPS SSP The output shows that the ASA 5500-X IPS SSP is up. If the status reads Down, you can reset it using the sw-module module 1 reset command. If you have problems with re[...]

  • Page 372

    E-66 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500-X IPS SSP Mod-ips 266> DMI 2.4 present. Mod-ips 267> last_pfn = 0x201400 max_arch_pfn = 0x100000000 Mod-ips 268> last_pfn = 0xdfffd max_arch_pfn = 0x100000000 Mod-ips 269> i[...]

  • Page 373

    E-67 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500-X IPS SSP Mod-ips 328> hugetlb_lowmem_setup: Allocated 2097152 huge pages (size=0x200000) from lowmem are Mod-ips 329> a at 0xffff88002ee00000 phys addr 0x000000002ee00000 Mo[...]

  • Page 374

    E-68 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500-X IPS SSP Mod-ips 384> CPU: L2 cache: 4096K Mod-ips 385> CPU 4/0x4 -> Node 0 Mod-ips 386> CPU4: Intel QEMU Virtual CPU version 0.12.5 stepping 03 Mod-ips 387> Booting pro[...]

  • Page 375

    E-69 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500-X IPS SSP Mod-ips 446> pci 0000:00:01.0: Activating ISA DMA hang workarounds Mod-ips 447> pci_hotplug: PCI Hot Plug PCI Core version: 0.5 Mod-ips 448> pciehp: PCI Express [...]

  • Page 376

    E-70 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500-X IPS SSP Mod-ips 510> serial8250: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A Mod-ips 511> 00:06: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A Mod-ips 512> 00:07: ttyS1 at I/O 0x2f8 [...]

  • Page 377

    E-71 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500-X IPS SSP Mod-ips 571> 51216 blocks Mod-ips 572> Checking rootrw fs: corrected filesystem Mod-ips 573> kjournald starting. Commit interval 5 seconds Mod-ips 574> EXT3 F[...]

  • Page 378

    E-72 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500-X IPS SSP Mod-ips 633> Starting CIDS: Mod-ips 634> starting pid 1718, tty '/dev/ttyS0': '/sbin/getty -L ttyS0 9600 vt100' The ASA 5500-X IPS SSP and the Norm[...]

  • Page 379

    E-73 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5500-X IPS SSP The ASA 5500-X IPS SSP and Memory Usage For the ASA 5500-X IPS SSP, the memory usage is 93%. The default health thresholds for the sensor are 80% for yellow and[...]

  • Page 380

    E-74 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5585-X IPS SSP TCP Reset Differences Between IPS Appliances and ASA IPS Modules The IPS appliance sends TCP reset packets to both the attacker and victim when Reset TCP Connection is[...]

  • Page 381

    E-75 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5585-X IPS SSP • If the ASA is configured in fail-open mode for the ASA 5585-X IPS SSP, and the ASA 5585-X IPS SSP experiences a SensorApp crash or a service pack upgrade, traffi[...]

  • Page 382

    E-76 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5585-X IPS SSP Traffic Flow Stopped on IPS Switchports Problem Traffic on any port located on the ASA 5585-X IPS SSP (1/x) no longer passes through the adaptive security appliance when[...]

  • Page 383

    E-77 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5585-X IPS SSP App. Status: Not Applicable App. Status Desc: Not Applicable App. version: 7.1(1)E4 Data plane Status: Not Applicable Status: Shutting Down asa# show module 1 details Get[...]

  • Page 384

    E-78 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5585-X IPS SSP Firmware version: 2.0(7)0 Software version: 7.1(1)E4 MAC Address Range: 5475.d029.7f9c to 5475.d029.7fa7 App. name: IPS App. Status: Up App. Status Desc: Normal Operation App.[...]

  • Page 385

    E-79 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Troubleshooting the ASA 5585-X IPS SSP Slot-1 167> SERVER=192.0.2.15 Slot-1 168> GATEWAY=192.0.2.254 Slot-1 169> PORT=GigabitEthernet0/0 Slot-1 170> VLAN=untagged Slot-1 171> IMAGE=IPS-SSP_10-K9[...]

  • Page 386

    E-80 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information For More Information For detailed information about the Normalizer engine, see Normalizer Engine. The ASA 5585-X IPS SSP and Jumbo Packet Frame Size Refer to the following URL for i[...]

  • Page 387

    E-81 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information This section contains the following topics: • Health and Network Security Information, page E-81 • Tech Support Information, page E-82 • Version Information, page E-85 • Stat[...]

  • Page 388

    E-82 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information Tech Support Information The show tech-support command is useful for capturing all sensor status and configuration information. This section describes the show tech-support command,[...]

  • Page 389

    E-83 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information Step 3 To send the output (in HTML format) to a file: a. Enter the following command, followed by a valid destination. The password: prompt appears. sensor# show tech-support destina[...]

  • Page 390

    E-84 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information 6-0600 Running CLI S-2011_NOV_16_00_20_7_1_3_46 (Release) 2011-11-16T00:23:0 6-0600 Upgrade History: IPS-K9-7.1-3-E4 00:30:07 UTC Wed Nov 16 2011 Recovery Partition Version 1.1 - 7.1(3)E4 Ho[...]

  • Page 391

    E-85 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information Total Transmit Errors = 0 Total Transmit FIFO Overruns = 0 MAC statistics from interface Management0/1 Interface function = Reserved for future use Output from show statistics authenticatio[...]

  • Page 392

    E-86 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information Understanding the show version Command The show version command shows the basic sensor information and can indicate where a failure is occurring. It gives the following informa [...]

  • Page 393

    E-87 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information Upgrade History: IPS-K9-7.1-3-E4 00:30:07 UTC Wed Nov 16 2011 Recovery Partition Version 1.1 - 7.1(3)E4 Host Certificate Valid from: 16-Nov-2011 to 16-Nov-2013 sensor# Note If the —-MORE-[...]

  • Page 394

    E-88 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information ! ------------------------------ service trusted-certificates exit ! ------------------------------ service web-server exit ! ------------------------------ service anomaly-detection ad0 exi[...]

  • Page 395

    E-89 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information • Transaction Source • Virtual Sensor • Web Server Displaying Statistics Use the show statistics [analysis-engine | anomaly-detection | authentication | denied-attacker[...]

  • Page 396

    E-90 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information The Signature Database Statistics. Total nodes active = 0 TCP nodes keyed on both IP addresses and both ports = 0 UDP nodes keyed on both IP addresses and both ports = 0 IP nodes keyed on bo[...]

  • Page 397

    E-91 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information SimulatedDenyFilterRuleMatch = 0 TcpDeniesDueToGlobalCorrelation = 0 TcpDeniesDueToOverride = 0 TcpDeniesDueToOverlap = 0 TcpDeniesDueToOther = 0 SimulatedTcpDeniesDueToGlobalCorrelation = [...]

  • Page 398

    E-92 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information No attack Detection - ON Learning - ON Next KB rotation at 10:00:00 UTC Sat Jan 18 2008 Internal Zone TCP Protocol UDP Protocol Other Protocol External Zone TCP Protocol UDP Protocol Other P[...]

  • Page 399

    E-93 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information The number of times the event store circular buffer has wrapped = 0 Number of events of each type currently stored Status events = 4257 Shun request events = 0 Error events, warning = 669 E[...]

  • Page 400

    E-94 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information Command Control Port Device = Management0/0 Network Statistics = ma0_0 Link encap:Ethernet HWaddr 00:04:23:D5:A1:8D = inet addr:10.89.130.98 Bcast:10.89.131.255 Mask:255.255.254.0 = UP BROAD[...]

  • Page 401

    E-95 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information BlockMaxEntries = 11 MaxDeviceInterfaces = 250 NetDevice Type = PIX IP = 10.89.150.171 NATAddr = 0.0.0.0 Communications = ssh-3des NetDevice Type = PIX IP = 192.0.2.4 NATAddr = 0.0.0.0 Comm[...]

  • Page 402

    E-96 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information AclSupport = uses Named ACLs Version = 12.2 State = Active NetDevice IP = 192.0.2.10 AclSupport = Uses VACLs Version = 8.4 State = Active BlockedAddr Host IP = 203.0.113.1 Vlan = ActualIp = [...]

  • Page 403

    E-97 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information Step 15 Display the statistics for the transaction server. sensor# show statistics transaction-server General totalControlTransactions = 35 failedControlTransactions = 0 sensor# Step 16 D[...]

  • Page 404

    E-98 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information Number of exec Clear commands during uptime = 0 Denied Attackers and hit count for each. Denied Attackers with percent denied and hit count for each. The Signature Database Statistics. The N[...]

  • Page 405

    E-99 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information TCP Packets currently queued for reassembly = 0 Cumulative Statistics for the TCP Stream Reassembly Unit since reset TCP streams that have been tracked since last reset = 0 TCP streams that[...]

  • Page 406

    E-100 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information Fatal Severity = 0 Error Severity = 14 Warning Severity = 1 Timing Severity = 0 Debug Severity = 0 Unknown Severity = 28 TOTAL = 43 Step 19 Verify that the statistics have been cleared.[...]

  • Page 407

    E-101 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information Interfaces Command Output The following example shows the output from the show interfaces command: sensor# show interfaces Interface Statistics Total Packets Received = 0 Total Bytes [...]

  • Page 408

    E-102 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information • Displaying Events, page E-102 • Clearing Events, page E-105 Sensor Events There are five types of events: • evAlert—Intrusion detection alerts • evError—Application [...]

  • Page 409

    E-103 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information The following options apply: • alert—Displays alerts. Provides notification of some suspicious activity that may indicate an attack is in process or has been attempted. Alert [...]

  • Page 410

    E-104 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information Step 3 Display the block requests beginning at 10:00 a.m. on February 9, 2011. sensor# show events NAC 10:00:00 Feb 9 2011 evShunRqst: eventId=1106837332219222281 vendor=Cisco or[...]

  • Page 411

    E-105 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information originator: hostId: sensor appName: mainApp appInstanceId: 2215 time: 2011/01/08 02:41:00 2011/01/08 02:41:00 UTC controlTransaction: command=getVersion successful=true description: Contro[...]

  • Page 412

    E-106 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix E Troubleshooting Gathering Information Step 3 Enter the following command. /usr/cids/idsRoot/bin/cidDump Step 4 Enter the following command to compress the resulting /usr/cids/idsRoot/log/cidDump.html file. gzip /usr[...]

  • Page 413

    F-1 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 APPENDIX F Cable Pinouts Contents This appendix describes pinout information for 10/100/1000BaseT, console, and RJ 45 to DB 9 ports, and the MGMT 10/100 Ethernet port. It contains the following topics[...]

  • Page 414

    F-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix F Cable Pinouts Console Port (RJ-45) Figure F-2 shows the 10/100/1000BaseT (RJ-45) port pinouts. Figure F-2 10/100/1000 Port Pinouts Console Port (RJ-45) Figure F-3 shows the RJ 45 cable. Figure F-3 RJ-45 Cable To identif[...]

  • Page 415

    F-3 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix F Cable Pinouts RJ-45 to DB-9 or DB-25 Examine the sequence of colored wires to determine the type of RJ-45 cable, as follows: • Straight-through—The colored wires are in the same sequence at both ends of the cable[...]

  • Page 416

    F-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 Appendix F Cable Pinouts RJ-45 to DB-9 or DB-25[...]

  • Page 417

    GL-1 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 GLOSSARY Revised: July 16, 2012 Numerals 3DES Triple Data Encryption Standard. A stronger version of DES, which is the default encryption method for SSH version 1.5. Used when establishing an SSH session with the sensor. It can be [...]

  • Page 418

    Glossary GL-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 ASA 5500 AIP SSM Advanced Inspection and Prevention Security Services Module. The IPS plug-in module in the Cisco ASA 5500 series adaptive security appliance. The ASA 5500 AIP SSM is an IPS services module that monitors and pe[...]

  • Page 419

    Glossary GL-3 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 architecture The overall structure of a computer or communication system. The architecture influences the capabilities and limitations of the system. ARP Address Resolution Protocol. Internet protocol used to map [...]

  • Page 420

    Glossary GL-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 B backplane The physical connection between an interface processor or card and the data buses and the power distribution buses inside a chassis. base version A software release that must be installed before a follow-up rel[...]

  • Page 421

    Glossary GL-5 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 certificate Digital representation of user or device attributes, including a public key, that is signed with an authoritative private key. cidDump A script that captures a large amount of information including t[...]

  • Page 422

    Glossary GL-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 cookie A piece of information sent by a web server to a web browser that the browser is expected to save and send back to the web server whenever the browser makes additional requests of the web server. CSA MC Cisco[...]

  • Page 423

    Glossary GL-7 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 OL-24002-01 DES Data Encryption Standard. A strong encryption method where the strength lies in a 56-bit key rather than an algorithm. destination address Address of a network device that is receiving data. DIMM Dual In-line Memory M[...]

  • Page 424

    Glossary GL-8 F fail closed Blocks traffic on the device after a hardware failure. fail open Lets traffic pass through the device after a hardware failure. false negative A signature is not fired when offending traffic is detected. false pos[...]

  • Page 425

    Glossary GL-9 FQDN Fully Qualified Domain Name. A domain name that specifies its exact location in the tree hierarchy of the DNS. It specifies all domain levels, including the top-level domain, relative to the root domain. A fully q[...]

  • Page 426

    Glossary GL-10 hardware bypass A specialized interface card that pairs physical interfaces so that when a software error is detected, a bypass mechanism is engaged that directly connects the physical interfaces and allows traffic to flow[...]

  • Page 427

    Glossary GL-11 InterfaceApp A component of the IPS. Handles bypass and physical settings and defines paired interfaces. Physical settings are speed, duplex, and administrative state. intrusion detection system IDS. A security service that[...]

  • Page 428

    Glossary GL-12 KB Knowledge Base. The sets of thresholds learned by Anomaly Detection and used for worm virus detection. Knowledge Base See KB. L LACP Link Aggregation Control Protocol. LACP aids in the automatic creation of EtherChannel links [...]

  • Page 429

    Glossary GL-13 MD5 Message Digest 5. A one-way hashing algorithm that produces a 128-bit hash. Both MD5 and Secure Hash Algorithm (SHA) are variations on MD4 and strengthen the security of the MD4 hashing algorithm. Cisco use[...]

  • Page 430

    Glossary GL-14 NBD Next Business Day. The arrival of replacement hardware according to Cisco service contracts. Neighborhood Discovery Protocol for IPv6. IPv6 nodes on the same link use Neighbor Discovery to discover each other’s [...]

  • Page 431

    Glossary GL-15 O OIR online insertion and removal. Feature that permits you to add, replace, or remove cards without interrupting the system power, entering console commands, or causing other software or interfaces to shut down. OPS O[...]

  • Page 432

    Glossary GL-16 PER packed encoding rules. Instead of using a generic style of encoding that encodes all types in a uniform way, PER specializes the encoding based on the data type to generate much more compact representations. PFC Poli[...]

  • Page 433

    Glossary GL-17 RAM random-access memory. Volatile memory that can be read and written by a microprocessor. RAS Registration, Admission, and Status Protocol. Protocol that is used between endpoints and the gatekeeper to perform manag[...]

  • Page 434

    Glossary GL-18 RTP Real-Time Transport Protocol. Commonly used with IP networks. RTP is designed to provide end-to-end network transport functions for applications transmitting real-time data, such as audio, video, or simulation data, over [...]

  • Page 435

    Glossary GL-19 session command Command used on routers and switches to provide either Telnet or console access to a module in the router or switch. SFP Small Form-factor Pluggable. Often refers to a fiber optic transceiver that ad[...]

  • Page 436

    Glossary GL-20 SN Serial Number. Part of the UDI. The SN is the serial number of your Cisco product. SNAP Subnetwork Access Protocol. Internet protocol that operates between a network entity in the subnetwork and a network entity in the end s[...]

  • Page 437

    Glossary GL-21 subsignature A more granular representation of a general signature. It typically further defines a broad scope signature. surface mounting Refers to attaching rubber feet to the bottom of a sensor when it is installed[...]

  • Page 438

    Glossary GL-22 TFTP Trivial File Transfer Protocol. Simplified version of FTP that lets files be transferred from one computer to another over a network, usually without the use of client authentication (for example, username and passwor[...]

  • Page 439

    Glossary GL-23 U UDI Unique Device Identifier. Provides a unique identity for every Cisco product. The UDI is composed of the PID, VID, and SN. The UDI is stored in the Cisco IPS ID PROM. UDLD UniDirectional Link Detection. Cisco pro[...]

  • Page 440

    Glossary GL-24 virus Hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting—that is, inserting a copy of itself into and becoming part of—another program. A virus cannot run[...]

  • Page 441

    Glossary GL-25 Wireshark Wireshark is a free network protocol analyzer for UNIX and Windows. It lets you examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summa[...]

  • Page 442

    Glossary GL-26 [...]

  • Page 443

    IN-1 INDEX Numerics 10BaseT cable pinouts appliance F-1 ASA 5585-X F-1 2SX card described 4-3, 5-4 illustration 4-4, 5-5 4GE bypass interface card configuration restrictions 4-5, 5-6 described 4-3, 4-5, 5-4, 5-6 illustration 4-3, 5-4 802.1[...]

  • Page 444

    Index IN-2 applying software updates E-52 ARC blocking not occurring for signature E-41 device access issues E-39 enabling SSH E-41 inactive state E-37 misconfigured master blocking sensor E-42 troubleshooting E-35 verifying device i[...]

  • Page 445

    Index IN-3 ASA 5585-X SSP-40 with IPS SSP-40 described 9-3 memory requirements 9-8 ASA 5585-X SSP-60 with IPS SSP-60 described 9-3 memory requirements 9-8 ASA IPS modules jumbo packet count E-62, E-73, E-80 ASDM resetting passwords E[...]

  • Page 446

    Index IN-4 copy license-key C-12 debug module-boot E-59 downgrade D-10 erase license-key C-15 hw-module module 1 reset E-58 hw-module module slot_number password-reset E-11 setup B-1, B-4, B-8, B-13, B-17, B-21 show events E-102 [...]

  • Page 447

    Index IN-5 E electrical safety guidelines 2-3 enabling debug logging E-44 Encryption Software Export Distribution Authorization form cryptographic account C-2 described C-2 erase license-key command C-15 errors (Analysis Engine) E[...]

  • Page 448

    Index IN-6 IPS 4270-20 5-6 link status changes and drops 4-6, 5-7, E-22 proper configuration 4-6, 5-7, E-22 supported configurations 4-5, 5-6 with software bypass 4-5, 5-6 health status display E-81 HTTP/HTTPS servers supported D-2 hw-mod[...]

  • Page 449

    Index IN-7 command and control 1-5 configuration restrictions 1-12 described 1-4 port numbers 1-4 sensing 1-5, 1-6 slot numbers 1-4 support (table) 1-6 TCP reset 1-11 internal health information in the Diagnostic Panel 5-42 introducing AS[...]

  • Page 450

    Index IN-8 power supply 4-23 interface naming conventions 4-4 network ports 4-2 password recovery E-8 performance 4-2 power supplies 4-2 power supply indicators 4-9 rack mounting 4-post 4-11 rack-mounting 2-post 4-14 removing interface c[...]

  • Page 451

    Index IN-9 front panel (illustration) 6-5 front panel indicators described 6-6 indicators 6-6 installation 6-12 installing system image D-16 packing box contents 6-4 password recovery E-8 power supplies 6-15 power supplies (illustration) 6-16 [...]

  • Page 452

    Index IN-10 removing core IPS SSP 7-14 SFP ports 7-12 shutting down 7-14 slide rail kit hardware installation 7-19 specifications 7-8 supported SFP+ modules 7-11, 9-9 supported SFP modules 7-11, 9-9 SwitchApp 7-34 IPS 4520 back panel feat [...]

  • Page 453

    Index IN-11 L license key installing C-12 obtaining C-9 trial C-9 uninstalling C-15 viewing status of C-9 licensing described C-9 IPS device serial number C-9 Licensing pane configuring C-10 described C-9 logging in appliances A-2 ASA 5500[...]

  • Page 454

    Index IN-12 P password recovery appliances E-8 ASA 5500-X IPS SSP E-9 ASA 5585-X IPS SSP E-11 CLI E-13 described E-7 disabling E-13 displaying setting E-13 GRUB menu E-8 IPS 4260 E-8 IPS 4270-20 E-8 IPS 4345 E-8 IPS 4360 E-8 IPS 4510 E-8 IP[...]

  • Page 455

    Index IN-13 4-post 4-11 IPS 4270-20 extension 5-26 installation 5-18 requirements 5-17 IPS 4510 7-29 IPS 4520 7-29 racks airflow requirements 5-17 space requirements 5-17 rail system maximum rack depth 5-17 minimum rack depth 5-17 r[...]

  • Page 456

    Index IN-14 serial console port D-12 TFTP D-13 round-trip time. See RTT. RTT described D-13 TFTP limitation D-13 S scheduling automatic upgrades D-8 security information on Cisco Security Intelligence Operations C-8 sensing interfaces Ana[...]

  • Page 457

    Index IN-15 ASA 5500-X IPS SSP A-5 ASA 5585-X IPS SSP A-6 setting up terminal servers 1-22, A-3, D-13 setup automatic B-2 command B-1, B-4, B-8, B-13, B-17, B-21 simplified mode B-2 SFP+ modules described 7-10, 9-9 supported (table) 7-11, 9[...]

  • Page 458

    Index IN-16 HTTP/HTTPS servers D-2 SwitchApp described 7-34 Switched Port Analyzer see SPAN switches and TCP reset interfaces 1-12 sw-module module slot_number password-reset command E-9 System Configuration Dialog described B-2 e[...]

  • Page 459

    Index IN-17 cidLog messages to syslog E-49 communication E-23 corrupted SensorApp configuration E-34 debug logger zone names (table) E-48 debug logging E-44 Diagnostic Panel (IPS 4270-20) 5-42 disaster recovery E-6 duplicate senso[...]

  • Page 460

    Index IN-18 restrictions E-17 supported sensors E-17 traffic capture requirements E-17 VLAN groups 802.1q encapsulation 1-18 configuration restrictions 1-14 deploying 1-18 described 1-18 switches 1-18 W warning circuit breaker 6-[...]