First configuration of NME-IPS-K9

Hello world

I am having trouble initializing the NME that I just bought. I use a Cisco 2811 router on which I have installed the NME, but the command 'service-module' does not seem to exist on my router: when I enter it, the router displays an error.

Also, when I enter the command 'show inventory', I get this output:

NAME: 'unknown on Slot 1', DESCR: 'as '.

PID: NME-IPS-K9, VID: V02, SN: FOC13091TNT

Is this normal output?

Please help me; this is my first time working on the NME.

Thank you very much in advance

The name should appear as "Cisco Intrusion Prevention System NM on Slot 1".

What is the version of the IPS software you use?

The following guide should be able to help.

http://www.Cisco.com/en/us/docs/security/IPS/7.0/Configuration/Guide/CLI/cli_nme.html

Kind regards

Sawan Gupta

Tags: Cisco Security

Similar Questions

  • NME-IPS-K9 in 3845 not accessible

    I am not able to ping or SSH into my IPS module. I am not able to access it through the router either. When I try to open a session through the router I get the following: Trying xx.xxx.xxx.xxxx, 2114 ... Open, and it just sits there. Is there another way to access it or restart the module, without having to reboot the router?

    Hello

    1. You can reset the NME-IPS module from the router CLI.

    This will only reset the NME-IPS, not the router.

    router# service-module ids-sensor 1/0 reset
           Use reset only to recover from shutdown or failed state
           Warning: May lose data on the hard disc!
           Do you want to reset?[confirm]

    http://tools.cisco.com/squish/b63A4

    2. After it comes back up, check if the module is responsive.
    You can also issue: 'show inventory' and check if the module is even detected by the router.
    If the module is not even detected by the router, it may be a hardware issue.

    3. Check if the module is correctly configured.
    Check my configuration document for this.

    https://supportforums.cisco.com/docs/DOC-12364

    Sid Chandrachud
    TAC Security Solutions

  • K9-NME-IPS does not all packages

    Hello members,

    I have a K9-NME-IPS module installed in my router but it seems that it does not all packets from the router. This is the configuration for the IDS sensor interface and the interface from which I want to send traffic to the sensor.

    interface GigabitEthernet0/0
     description CONNECTION to THE MPLS BACKBONE
     no ip address
     duplex full
     speed 100
     no cdp enable
    !
    !
    interface GigabitEthernet0/0.100
     description CONNECTION to VRF100 VRF
     encapsulation dot1Q 100
     ip vrf forwarding VRF100
     ip address 172.16.2.14 255.255.255.248
     ids-service-module monitoring inline access-list 100
     no cdp enable
    !
    interface GigabitEthernet0/0.103
     description CONNECTION to VRF200
     encapsulation dot1Q 103
     ip vrf forwarding VRF200
     ip address 172.16.11.6 255.255.255.248
     ip flow ingress
     ip flow egress
     ids-service-module monitoring inline access-list 100

    access-list 100 permit ip any any

    and here are the statistics of the module.

    # show statistics virtual-sensor
    Virtual sensor statistics
    Statistics for vs0 virtual sensor
    Name of the current instance of Signature-definition = sig0
    Name of the current instance of event-action rules = rules0
    List of interfaces controlled by this virtual sensor = GigabitEthernet0/1 subinterface 0
    General statistics for this virtual sensor
    Number of seconds since statistics reset = 10137
    MemoryAlloPercent = 51
    MemoryUsedPercent = 49
    MemoryMaxCapacity = 614400
    MemoryMaxHighUsed = 432128
    MemoryCurrentAllo = 317667
    MemoryCurrentUsed = 302192
    Percentage of the processing load = 1
    Total packets processed since reset = 0
    Total of IP packets processed since reset = 0
    Total of IPv4 packets processed since reset = 0
    Total of IPv6 packets processed since reset = 0
    Total IPv6 AH packets processed since reset = 0
    Total of ESP IPv6 packets processed since reset = 0
    Total of the IPv6 Fragment packets processed since reset = 0
    Total IPv6 routing header packets processed since reset = 0
    Total of the IPv6 ICMP packets processed since reset = 0
    Total of packets that were not IP processed since reset = 0
    Total of the TCP packets processed since reset = 0
    Total of the UDP packets processed since reset = 0
    Total of ICMP packets processed since reset = 0
    Total packets that were not TCP, UDP or ICMP processing since reset = 0
    Total of ARP packets processed since reset = 0
    Total ISL-encapsulated packets processed since reset = 0
    Total of 802.1q encapsulated packets processed since reset = 0
    Total packets with bad IP checksum processed since reset = 0
    Total packets with bad layer 4 checksum processed since reset = 0
    Total number of bytes processed since reset = 0
    Rate of packets per second since reset = 0
    Rate of bytes per second since reset = 0
    Average bytes per packet since reset = 0

    Thanks for your comments

    Alex

    Hi Alex,

    As Matthew mentioned previously, for the NME module, the access list defines which traffic will NOT be inspected.

    If you want the NME to inspect all traffic, you need to change the access list to DENY all traffic.

    So, change it to "access-list 100 deny ip any any" to inspect all traffic.

    Thank you

    Stijn
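The ACL behaviour described in Stijn's reply, as an added example that is not part of the thread: a small Python audit that reads an IOS configuration, finds every `ids-service-module monitoring` line and reports whether its access list leaves anything for the module to inspect. The sample configuration and the verdict names are constructed for illustration; treating a missing ACL and the implicit deny as "inspect" is an assumption that follows from the permit = bypass, deny = inspect rule stated in the reply.

```python
import re

# Constructed sample (not the poster's config): .100 repeats the posted mistake,
# .103 exempts only SSH, Gi0/1 uses no ACL on the monitoring command.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0.100
 ids-service-module monitoring inline access-list 100
!
interface GigabitEthernet0/0.103
 ids-service-module monitoring inline access-list 101
!
interface GigabitEthernet0/1
 ids-service-module monitoring promiscuous
!
access-list 100 permit ip any any
access-list 101 permit tcp any any eq 22
access-list 101 deny ip any any
"""

MONITOR_RE = re.compile(
    r"ids-service-module monitoring (inline|promiscuous)(?: access-list (\S+))?")
ACL_RE = re.compile(r"access-list (\S+) (permit|deny) (.+)")
CATCH_ALL = {"ip any any", "any"}  # extended and standard ACL forms


def parse(config):
    """Return ({interface: (mode, acl or None)}, {acl: [(action, match), ...]})."""
    monitored, acls, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
        elif raw and not raw[0].isspace():
            current = None  # any other top-level line ends the interface block
        mon = MONITOR_RE.fullmatch(line)
        if mon and current:
            monitored[current] = (mon.group(1), mon.group(2))
        acl = ACL_RE.fullmatch(line)
        if acl:
            acls.setdefault(acl.group(1), []).append((acl.group(2), acl.group(3)))
    return monitored, acls


def verdict(entries):
    """Semantics from the reply above: permit = bypass the IPS, deny = inspect."""
    if not entries:
        return "ACL_UNDEFINED"
    effective = []
    for action, match in entries:  # first match wins: nothing after a catch-all is reached
        effective.append((action, match))
        if match in CATCH_ALL:
            break
    permits = [match for action, match in effective if action == "permit"]
    if not permits:
        return "ALL_INSPECTED"  # explicit or implicit deny covers every packet
    if len(permits) == len(effective) and effective[-1][1] in CATCH_ALL:
        return "NOTHING_INSPECTED"  # every packet hits a permit and skips the module
    return "PARTIAL_BYPASS: " + "; ".join(permits)


def audit(config):
    """Map each monitored interface to (mode, acl, verdict)."""
    monitored, acls = parse(config)
    return {intf: (mode, acl, "ALL_INSPECTED" if acl is None else verdict(acls.get(acl)))
            for intf, (mode, acl) in monitored.items()}


if __name__ == "__main__":
    for intf, result in audit(SAMPLE_CONFIG).items():
        print(intf, *result)
```

A `NOTHING_INSPECTED` verdict corresponds to the symptom in the question: the virtual sensor counters stay at 0 because no packet is ever handed to the module.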

  • SmartNet contract for NME-IPS-K9

    Hello world

    I want to know if it is possible for my company to get a SmartNet contract for our NME-IPS modules directly, without a Cisco partner, and if yes, how can we proceed?

    Thank you

    Not that I know of. No matter where you go, you will find a partner/reseller of certain level. What difference does it make anyway?

    Sent from Cisco Technical Support iPad App

  • Configuration of the IPS Cisco 2921

    Hello

    Is there a design guide showing how to configure IPS on a Cisco router (2921) and how it should best be implemented?

    Kind regards

    Laurent

    Hello

    Here is the guide to set up IOS IPS for IOS 15.0:

    http://tinyurl.com/27b7m6n

    I hope this helps.

  • First configuration PC (1800usd/1300eur)

    Hello world

    I have read this forum for some time and would like to thank employees for the things I have learned here. Although there has been much discussion of configuration, I decided to start this one because I have a few questions that do not apply to others.

    A friend and I started a small film production company last year in Bucharest, Romania. We mostly make wedding films; we use DSLRs, and the editing of the films is done in Premiere CS5, with some experiments in After Effects (I can provide a portfolio link if anyone is interested). Up to now, we have used an Athlon X2 configuration with a GeForce GTX 285 and 6 GB of RAM.

    Now, I gathered the money and it is time for the upgrade.

    I7 950

    Gigabyte x58a ud3R

    GTX 470 OC Super 1.28 GB

    DDR3 Kingmax 3 x 4 GB 1333 MHz

    Power supply: Antec TruePower Quattro 850 W

    Case: Antec three hundred

    Configuration of the hard disk:

    1. Hard drive Samsung 320 GB SATA-II 7200 RPM 16 MB SpinPoint F4
    2. Hard drive Samsung 1 TB SATA-II 7200 RPM 32 MB SpinPoint F3 PMR
    3. Hard drive Samsung 2 TB SATA-II 5400 RPM 32 MB SpinPoint F4 Eco Green

    (1: Windows and programs, 2: swap, 3: storage, project files)

    in 1 or 2 months, we will invest again in this configuration

    my questions are,

    what I can do to improve hard disk Setup? (taking into account the fact that the above configuration is 95% of the funds available)

    For RAM, Corsair DDR3 4096 MB 1600 MHz CL9 would be about 40 USD more; is it useful?

    Video card: for 67 USD less I can have a normal Asus GTX 470; is the Super Overclock version from Gigabyte worth the difference?

    any suggestions for a good CPU cooler?

    http://www.pcgarage.ro/vizualizare-wishlist/341122/ - link configuration (in Romanian)

    Thank you.

    "what I can do to improve hard disk Setup? (taking into account the fact that the above configuration is 95% of the funds available)"

    1. BUY all the hard disks exactly the same. Then you can think about doing a RAID configuration right.

    "the RAM Corsair DDR3 4096 MB 1600 Mhz CL9 would be about 40 usd additional, is this useful?"

    Absolutely, and if the Corsair is the "DOMINATOR" model, even more. It is the best RAM on the market no matter what.

    "for 67 usd less I can have a normal asus GTX470, version super overclocked from gigabyte is worth the difference?

    any suggestions for a good CPU cooler?"

    If you buy a gtx 460 you will get the same result if you do a good overclock. anyway in the end what will be most important is on the order of your cpu.

    B.R.

    Cristobal.

  • [SOLVED] Yoga 2 13 has arrived: BSOD after first configuration

    Hello

    I just bought a Lenovo Yoga 2 13 online. After unpacking, I started it and finished the initial automatic configuration (keyboard, wifi, account, etc.). It restarted and showed a BSOD: ":( Your PC ran into a problem." The laptop then restarts itself into "automatic repair" and just freezes with a black screen (not BSOD).

    If I turn it off and on again, the same cycle repeats (BSOD, reboot, black screen).

    The Novo button puts me directly into the black screen freeze (after choosing "system recovery" and right after the Lenovo logo with the spinning dots).

    I never managed to get Win 8.1 running. The laptop is brand new.

    I don't think that I need to install the OKR8 image, since the Novo button menu is there and I have the partitions. I am not a beginner and I could try to reinstall Win 8.1 from USB, but I don't want to void the warranty.

    Any tips?

    SOLVED. Volume 0 (432 GB, one of the 7 drive partitions), for some mysterious reason, was not formatted and was instead of type RAW.

    I found that by running diskpart from a Windows recovery USB pen drive from another laptop.

    I formatted the RAW partition and started 'system recovery', which brought the laptop back to its original state, and this time everything went smoothly.

  • Can Cisco Configuration Professional use the IPS feature?

    Dear Expert

    Hello.

    Could you tell me about Cisco Configuration Professional.

    I would like to try IOS IPS on a Cisco2901-SEC/K9.

    I was looking to the ORC on Cisco Configuration Professional.

    Cisco2901-SEC/K9 does not support SDM.

    But the Cisco2901-SEC/K9 supports Cisco Configuration Professional.

    Can Cisco Configuration Professional use the IPS function as SDM does?

    Kind regards

    Takuro.

    Hello

    Yes, you can configure IOS IPS with Cisco Configuration Professional.

    CCP has a wizard to guide you through the process; here is a link for it:

    http://www.Cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6586/ps6634/prod_white_paper0900aecd8066d265.html

    I hope this helps you.

    -------

    Mashal

  • Deployment of Cisco IPS 4240 devices

    I can't find any information about mass deployment of Cisco IPS 4240 devices. I have 6 devices that I intend to deploy to several remote sites and tie into a centralized Cisco MARS unit. Without the help of any CSM/LMS software, is there a quick and dirty way to pull this off? I am thinking of setting up a single IPS appliance, then pulling its configuration file and distributing it to the remaining devices. I would like to see how others have done this...

    If all of your sensors are of the same type (all 4240s in your situation) and will all run the exact same configuration, then the copy command will help you out.

    There is a new feature added to the copy command in IPS 6.1 which will help you when copying the config of one sensor to another.

    Completely configure one sensor (using IME, IDM or CLI). When you are satisfied with the configuration, use the copy command to copy it off to an SCP server.

    Now bring up a second sensor and configure the basic network settings through setup (IP address, gateway, etc.).

    Now, on the second sensor, use the copy command to copy the first sensor's configuration from the SCP server into the second sensor's running configuration.

    It will ask you about changing the network settings on the second sensor.

    Answer no.

    The rest of the configuration from the first sensor will be copied into the second sensor.

    The second sensor will keep its own unique IP address but gain the rest of the configuration from the first sensor's config.

    Continue to do this with additional sensors.

    The process can then be repeated every time that additional changes are made to the first sensor.

    Remember though that this only works if the sensor configuration is to be exactly duplicated (including which interfaces are monitored and how).

    If each sensor will have some unique tunings, then you need to manage each sensor on its own or buy CSM, which can be used to share only parts of the configuration across multiple sensors.

  • Test configuration

    Is there a way to test the IPS configuration to ensure that the actions are working correctly? I have a NME - IPS.

    Hello

    A common method is to test with ICMP traffic, for example ping x.x.x.x from inside to somewhere outside the router, after enabling signature 2004.

    SPSP

  • NEWBIE: vSwitch configuration question in a host cluster

    Hello

    I'm pretty new to VMware and will be starting my first implementation in the coming days.  I had training and have a very good understanding of what I'm doing, but I have a few networking questions.

    If we do not have Enterprise Plus and must use Standard vSwitches on each host in the cluster (a 3-host cluster), does that mean the virtual network adapter configurations on each host's vSwitch will be exactly the same?  So, if I set the vMotion port group on host A to use the physical network interface cards (vmnic0 and vmnic1) with IP addresses 192.168.10.1 and .2, does that mean that I then configure the same IPs for the vMotion port group (vmnic0 and vmnic1) on host B and host C in the cluster?

    If this is the case, then wouldn't the physical NICs on the three ESX hosts in the cluster need to have the same IP configs, in which case wouldn't that cause IP conflicts?   Please advise if I am not clear enough.  Thanks.

    Rick,

    You would need separate IP addresses for each VMkernel port that you are creating.  Thus, for example, if you create 2 VMkernel ports per host, host 1 could have .1 and .2, host 2 could have .3 and .4, and host 3 could be assigned .5 and .6.

    But remember, you are not assigning IP addresses to uplink adapters (vmnic); you assign them to the VMkernel ports.  Your ESXi host will have a default VMkernel port for management (created during installation) which will have your host's assigned management IP address.

    If you create a separate network for vMotion (recommended), this would require a separate VMkernel port with the "Use this port for vMotion" checkbox checked, which would live on, most likely, a separate vSwitch with its own uplinks.  The VMkernel port would have its own unique IP address.  You will need to repeat this configuration (with host-specific IPs) on each host.

  • configuration of VLAN and routing problem 6224 switch

    I'm having a problem accessing the internet from VLAN 10. I can ping everything on all the VLANs. My internet router/firewall is on ethernet 1/g11 and has an IP address of 192.168.5.254. I have no problem accessing the internet from VLAN 20. I add a static route to my router/firewall. What am I missing? This is my first time configuring a layer 3 switch.

    configure
    vlan database
    vlan 10,20
    exit
    stack
    member 1 1
    exit
    ip address 10.10.10.1 255.255.255.0
    ip default-gateway 10.10.10.254
    ip routing
    ip route 0.0.0.0 0.0.0.0 192.168.5.254
    interface vlan 10
    routing
    ip address 192.168.100.1 255.255.255.0
    exit
    interface vlan 20
    routing
    ip address 192.168.5.1 255.255.255.0
    exit
    !
    interface ethernet 1/g1
    switchport mode general
    switchport general pvid 10
    no switchport general acceptable-frame-type tagged-only
    switchport general allowed vlan add 10
    exit
    !
    interface ethernet 1/g2
    switchport mode general
    switchport general pvid 10
    no switchport general acceptable-frame-type tagged-only
    switchport general allowed vlan add 10
    exit
    !
    interface ethernet 1/g11
    switchport mode general
    switchport general pvid 20
    no switchport general acceptable-frame-type tagged-only
    switchport general allowed vlan add 20
    exit
    !
    interface ethernet 1/g12
    switchport mode general
    switchport general pvid 20
    no switchport general acceptable-frame-type tagged-only
    switchport general allowed vlan add 20
    exit
    !
    interface ethernet 1/g13
    switchport mode general
    switchport general pvid 20
    no switchport general acceptable-frame-type tagged-only
    switchport general allowed vlan add 20
    exit
    exit

    console#show ip route

    Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static
    B - BGP Derived, IA - OSPF Inter Area
    E1 - OSPF External Type 1, E2 - OSPF External Type 2
    N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2

    S 0.0.0.0/0 [1/0] via 192.168.5.254, vlan 20
    C 192.168.5.0/24 [0/0], directly connected, vlan 20
    C 192.168.100.0/24 [0/0], directly connected, vlan 10

    console#


  • ASA ips feature

    I want to ask how the IPS functionality works on ASAs.

    Are all the signatures there, or is it limited?

    Correct me if I am wrong in saying that I need the AIM module for IPS to work on the ASA. If I am right, why does the AIM have only 1 Ethernet interface? Does this mean that I can monitor only 1 VLAN?

    Thank you very much.

    The ASA-SSM-AIP-10 or ASA-SSM-AIP-20 module for the ASA is required for full IPS monitoring features. The IPS software on the SSM is the same as on the IPS appliances and other IPS modules. It uses the same software and signature updates. (Except for the main system image, which has a few extra things to allow installation on the SSM.)

    Without the ASA-SSM-AIP, the ASA software itself has a very limited set of signatures that can be monitored. The signature set is the same as in the previous version of the PIX Firewall.

    As for the single port on the ASA SSM: this port is not a monitoring port. It is the command and control port and has an IP address so that you can telnet, SSH or web browse to the sensor in order to manage it. The real monitoring is done on an internal interface connected to the firewall's backplane. The ASA can be configured through its policy to send packets to the SSM for IPS analysis. The policy on the ASA can be configured for the IPS to monitor packets in promiscuous or inline mode.

    The ASA can be configured to send all or part of the packets passing through the firewall to be monitored by the IPS code that runs on the SSM.

    Since the external port is not a monitoring port, the SSM cannot be configured to monitor packets that do not go through the ASA. Packets must pass through the ASA, and the ASA copies these packets through the internal backplane to the SSM for analysis.

  • Recommended method to configure Unity to reject calls to itself

    What is the recommended / best way to configure Unity to reject or drop calls to itself?

    A situation like a TRAP call to a phone that is set to CFA to voicemail.

    Thank you

    Vance

    By default, Unity will try to match the caller ID of incoming calls to the extension numbers that you entered for each port in UTIM. Unfortunately, caller ID alone is not reliable. For example, if Unity transfers a call over a trunk or tie line and the call is forwarded back to Unity, we expect to see the transferring port as the incoming caller ID. In this case, we don't want to reject the call. To handle this, Unity will only reject calls whose caller ID matches a dedicated outdial port (that is, a port that is not configured to answer and therefore to transfer calls). So to take full advantage of this feature, you'll want to first configure dedicated outdial ports for Notification calls, TRAP and MWI. Then you'll want to make sure that these ports have extension numbers entered for them in UTIM. Details of this implementation can be found in CSCdu64641.

    Of course there are always cases where the method above is insufficient. For example, if a notification call from Unity goes out to a cell phone that is forwarded back to Unity, the original caller ID (the Unity extension) may not be presented with the forwarded call. To account for cases like this, a new basic tone-detect functionality was added in 4.0(4). See the setting "Reject sent Notification DTMF Tone" in the Advanced Settings tool. Unfortunately, this will help with Notification calls only. The TRAP calls that you mentioned won't be affected.

    Hope this helps,

    Eric

  • Cisco IOS IPS in router 2921/k9

    Hi all

    I have a Cisco 2921 series base router (C2921/K9) with the IP Base IOS image (SL-29-IPB-K9). I want to enable the IOS IPS feature on this router now. Based on the Cisco documentation, I found that I need to purchase an additional subscription license to enable the IPS feature. My query is:

    Will it work on the existing IP Base IOS, or do I have to change the IOS?

    If I need to buy the subscription license, how can I get the part number and the cost for the same?

    Do I need to purchase any additional module for this, such as (NME-IPS-K9)?

    Thanks in advance for your quick help

    Regards

    Sunny

    Hi Sunny,

    You do not need a module (however, you could install a module instead of using the IOS IPS feature).

    You need 2 licenses:

    1 - a 'security' license for your 2921 to enable the IPS feature:

    SL-29-SEC-K9

    Security License (Paper) for Cisco 2901-2951 (both system & spare)

    (if you don't have a router yet, you can order it with the license as a bundle: CISCO2921-SEC/K9)

    2 - a signature subscription license, which is part of a "Services for IPS" contract.

    "Services for IPS" is essentially a SmartNet contract (including hardware replacement, access to the TAC, etc.) plus access to signature updates.

    SKUs for that start with CON-SU or CON-SUO and depend on the level of service you want for HW replacement, and whether you want an on-site replacement service.

    for example CON-SU1-2921SEC: this includes a SMARTnet agreement with 8x5xNBD, without on-site intervention

    For more information:

    http://www.Cisco.com/en/us/prod/collateral/modules/ps10598/ordering_guide_c07_557736_ps10538_Products_Data_Sheet.html#wp9000630

    http://www.Cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6586/ps6634/product_data_sheet0900aecd803137cf.html

    http://www.Cisco.com/en/us/products/ps6076/serv_group_home.html

    Disclaimer: I'm not in sales, so you may want to check with your local Cisco sales office or with a Cisco partner. In fact, some partners may offer a pure signature subscription service (without hardware coverage).

    HTH

    Herbert
