First configuration of NME-IPS-K9
Hello world
I am having trouble initializing the NME that I just bought. I am using a Cisco 2811 router in which I have installed the NME. The command 'service-module' does not seem to exist on my router; when I enter it, the router displays an error.
Also, when I enter the command 'show inventory', I get this output:
NAME: 'unknown on Slot 1', DESCR: 'as '.
PID: NME-IPS-K9, VID: V02, SN: FOC13091TNT
Is this normal output?
Please help me; this is my first time working with an NME.
Thank you very much in advance.
The name should appear as "Cisco Intrusion Prevention System NM on Slot 1".
What is the version of the IPS software you use?
The following guide should help:
http://www.Cisco.com/en/us/docs/security/IPS/7.0/Configuration/Guide/CLI/cli_nme.html
Kind regards
Sawan Gupta
Tags: Cisco Security
Similar Questions
-
NME - IPS K9 break-in 3845 not accessible
I am not able to ping or SSH to my IPS module. I am not able to access it through the router either. When I try to create a session through the router I get the following: Trying xx.xxx.xxx.xxxx, 2114 ... Open, and it just sits there. Is there another way to access it or restart the module without having to reboot the router?
Hello
1. You can reset the NME-IPS module from the router CLI.
This will only reset the NME-IPS, not the router.
router# service-module ids-sensor 1/0 reset
Use reset only to recover from shutdown or failed state
Warning: May lose data on the hard disc!
Do you want to reset?[confirm]
http://tools.cisco.com/squish/b63A4
2. After it comes back up, check if the module is responsive.
You can also issue 'show inventory' and check whether the module is even detected by the router.
If the module is not even detected by the router, it may be a hardware issue.
3. Check if the module is correctly configured.
Check my configuration document for this: https://supportforums.cisco.com/docs/DOC-12364
Sid Chandrachud
TAC Security Solutions
-
K9-NME-IPS does not receive any packets
Hello members,
I have a K9-NME-IPS module installed in my router, but it seems that it does not receive any packets from the router. This is the configuration for the IDS sensor interface and the interface from which I want to send traffic to the sensor.
interface GigabitEthernet0/0
 description CONNECTION to THE MPLS BACKBONE
 no ip address
 duplex full
 speed 100
 no cdp enable
!
!
interface GigabitEthernet0/0.100
 description CONNECTION to VRF100 VRF
 encapsulation dot1Q 100
 ip vrf forwarding VRF100
 ip address 172.16.2.14 255.255.255.248
 ids-service-module monitoring inline access-list 100
 no cdp enable
!
interface GigabitEthernet0/0.103
 description CONNECTION to VRF200
 encapsulation dot1Q 103
 ip vrf forwarding VRF200
 ip address 172.16.11.6 255.255.255.248
 ip flow ingress
 ip flow egress
 ids-service-module monitoring inline access-list 100
!
access-list 100 permit ip any any
and here are the statistics of the module.
# show statistics virtual-sensor
Virtual Sensor Statistics
Statistics for Virtual Sensor vs0
Name of current Signature-Definition instance = sig0
Name of current Event-Action-Rules instance = rules0
List of interfaces monitored by this virtual sensor = GigabitEthernet0/1 subinterface 0
General Statistics for this Virtual Sensor
Number of seconds since a reset of the statistics = 10137
MemoryAlloPercent = 51
MemoryUsedPercent = 49
MemoryMaxCapacity = 614400
MemoryMaxHighUsed = 432128
MemoryCurrentAllo = 317667
MemoryCurrentUsed = 302192
Processing Load Percentage = 1
Total packets processed since reset = 0
Total IP packets processed since reset = 0
Total IPv4 packets processed since reset = 0
Total IPv6 packets processed since reset = 0
Total IPv6 AH packets processed since reset = 0
Total IPv6 ESP packets processed since reset = 0
Total IPv6 Fragment packets processed since reset = 0
Total IPv6 Routing Header packets processed since reset = 0
Total IPv6 ICMP packets processed since reset = 0
Total packets that were not IP processed since reset = 0
Total TCP packets processed since reset = 0
Total UDP packets processed since reset = 0
Total ICMP packets processed since reset = 0
Total packets that were not TCP, UDP, or ICMP processed since reset = 0
Total ARP packets processed since reset = 0
Total ISL encapsulated packets processed since reset = 0
Total 802.1q encapsulated packets processed since reset = 0
Total packets with bad IP checksums processed since reset = 0
Total packets with bad layer 4 checksums processed since reset = 0
Total number of bytes processed since reset = 0
The rate of packets per second since reset = 0
The rate of bytes per second since reset = 0
The average bytes per packet since reset = 0
Thanks for your comments
Alex
Hi Alex,
As Matthew mentioned previously, for the NME module the access list defines which traffic will NOT be inspected.
If you want the NME to inspect all traffic, you need to change the access list to DENY all traffic.
So, change it to "access-list 100 deny ip any any" to inspect all traffic.
Thank you
Stijn
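An added example (not part of the original thread and not Cisco's code): a small Python audit that applies the rule from the answer above, that permit entries in the `ids-service-module monitoring` ACL bypass the IPS, to a router configuration and reports what each monitored interface actually sends to the module. The sample configuration is constructed and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the sub-interface configuration in the question.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0.100
 ip address 172.16.2.14 255.255.255.248
 ids-service-module monitoring inline access-list 100
!
interface GigabitEthernet0/0.103
 ip address 172.16.11.6 255.255.255.248
 ids-service-module monitoring inline access-list 101
!
interface GigabitEthernet0/1
 ids-service-module monitoring inline access-list 102
!
interface GigabitEthernet0/2
 ids-service-module monitoring promiscuous
!
access-list 100 permit ip any any
access-list 101 deny ip any any
access-list 102 permit ip host 192.0.2.10 any
access-list 102 deny ip any any
"""

MONITOR_RE = re.compile(
    r"^\s*ids-service-module monitoring (inline|promiscuous)(?: access-list (\d+))?\s*$")
ACL_RE = re.compile(r"^\s*access-list (\d+) (permit|deny) (.+?)\s*$")


def parse(config):
    """Return ({interface: acl number or None}, {acl number: [(action, match)]})."""
    monitored, acls, current = {}, {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif (m := MONITOR_RE.match(line)) and current:
            monitored[current] = m.group(2)
        elif m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return monitored, acls


def inspection_scope(entries):
    """Classify a monitoring ACL: permit = bypass the IPS, deny = send to the IPS.

    Entries are evaluated top-down; an ACL ends with an implicit deny.
    Returns (scope, exempted matches), scope being "none", "partial" or "all".
    """
    exempt, sent = [], []
    for action, match in entries:
        if match == "ip any any":  # catch-all: later entries never match
            if action == "permit":
                return ("partial" if sent else "none"), exempt + [match]
            break
        (exempt if action == "permit" else sent).append(match)
    return ("partial" if exempt else "all"), exempt


def audit(config):
    """Map each monitored interface to what reaches the IPS module."""
    monitored, acls = parse(config)
    report = {}
    for intf, acl in monitored.items():
        if acl is None:
            report[intf] = ("all", [])  # no ACL: nothing is exempted
        elif acl not in acls:
            report[intf] = ("acl-undefined", [])  # verify on the device
        else:
            report[intf] = inspection_scope(acls[acl])
    return report


if __name__ == "__main__":
    for intf, (scope, exempt) in audit(SAMPLE_CONFIG).items():
        print(f"{intf}: inspected={scope} exempt={exempt}")
```

A scope of "none" on an interface is the condition behind the all-zero virtual sensor counters shown in the question.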
-
SmartNet contract for NME-IPS-K9
Hello world
I want to know if it is possible for my company to get a SmartNet contract for our NME-IPS modules directly, without a Cisco partner. And if yes, how can we proceed?
Thank you
Not that I know of. No matter where you go, you will find a partner/reseller of a certain level. What difference does it make anyway?
Sent from Cisco Technical Support iPad App
-
Configuration of the IPS Cisco 2921
Hello
Is there a design guide showing how to configure Cisco IOS IPS on a router (2921) and how it is best implemented?
Kind regards
Laurent
Hello
Here is the guide to set up IOS IPS for IOS 15.0:
I hope this helps.
-
First configuration PC (1800usd/1300eur)
Hello world
I have read this forum for some time and would like to thank employees for the things I have learned here. Although there has been much discussion of configuration, I decided to start this one because I have a few questions that do not apply to others.
A friend and I started a small film production company last year in Bucharest, Romania. We mostly make wedding films; we use DSLRs, and the editing is done in Premiere CS5, with some experiments in After Effects (I can provide a portfolio link if anyone is interested). Up to now, we have used an Athlon X2 configuration with a GeForce GTX 285 and 6 GB of RAM.
Now, I gathered the money and it is time for the upgrade.
I7 950
Gigabyte x58a ud3R
GTX 470 OC Super 1.28 GB
3 x Kingmax DDR3 4 GB 1333 MHz
Power supply: Antec TruePower Quattro 850 W
Case: Antec three hundred
Configuration of the hard disk:
1. Hard drive Samsung 320 GB SATA-II 7200 RPM 16 MB SpinPoint F4
2. Hard drive Samsung 1 TB SATA-II 7200 RPM 32 MB Spinpoint F3 PMR
3. Hard drive Samsung 2 TB SATA-II 5400 RPM 32 MB SpinPoint F4 Eco Green
(1: Windows and programs, 2: swap, 3: storage for project files)
in 1 or 2 months, we will invest again in this configuration
my questions are,
what I can do to improve hard disk Setup? (taking into account the fact that the above configuration is 95% of the funds available)
for ram memory Corsair DDR3 4096 MB 1600 Mhz CL9 would be about 40 usd additional, useful?
video card, by 67 usd less I can have a normal asus GTX470, version super overclocked from gigabyte is worth the difference?
any suggestions for a good CPU cooler?
http://www.pcgarage.ro/vizualizare-wishlist/341122/ - link configuration (in Romanian)
Thank you.
"what I can do to improve hard disk Setup? (taking into account the fact that the above configuration is 95% of the funds available)"
1. BUY all the hard disks exactly the same. Then you can think about doing a proper RAID configuration.
"for ram memory Corsair DDR3 4096 MB 1600 Mhz CL9 would be about 40 usd additional, useful?"
Absolutely, and even more so if the Corsair is the "DOMINATOR" model. It is the best RAM on the market, no matter what.
"video card, by 67 usd less I can have a normal asus GTX470, version super overclocked from gigabyte is worth the difference?
any suggestions for a good CPU cooler?"
If you buy a GTX 460 you will get the same result if you do a good overclock. Anyway, in the end what will be most important is on the order of your CPU.
B.R.
Cristobal.
-
[SOLVED] 2 13 Yoga has arrived: BSOD after first configuration
Hello
I just bought a Lenovo Yoga 2 13 online. After unpacking, I started it and finished the initial automatic configuration (keyboard, wifi, account, etc.). It restarted and gave a BSOD: ":( Your PC ran into a problem". The laptop then restarts itself into "automatic repair", where it just freezes with a black screen (not a BSOD).
If I turn it off and on again, the same cycle repeats (BSOD, reboot, black screen).
The Novo button puts me directly into the black screen freeze (after choosing "repair system" and right after the Lenovo logo with the rotating dots).
I have never managed to get Win 8.1 running. The laptop is brand new.
I don't think that I need to install the OKR8 image, since the Novo button menu is there and I have the partitions. I am not a beginner and I could try to reinstall Win 8.1 from USB, but I don't want to void the warranty.
Any tips?
SOLVED. Volume 0 (432 GB, one of the 7 drive partitions), for some mysterious reason, was not formatted and was instead of type RAW.
I found that out by running diskpart from a Windows recovery USB pen drive from another laptop.
I formatted the RAW partition and started 'system recovery', which brought the laptop back to its original state, and this time everything went smoothly.
-
Can Cisco Configuration Professional to use the IPS feature?
Dear Expert
Hello.
Could you tell me about Cisco Configuration Professional?
I would like to try IOS IPS on a Cisco2901-SEC/K9.
I was looking to the ORC on Cisco Configuration Professional.
The Cisco2901-SEC/K9 does not support SDM.
But the Cisco2901-SEC/K9 supports Cisco Configuration Professional.
Can Cisco Configuration Professional be used for IPS in the same way as SDM?
Kind regards
Takuro.
Hello
Yes, you can configure IOS IPS with Cisco Configuration Professional.
CCP has a wizard to guide you through the process; here is a link for it:
I hope this helps you.
-------
Mashal
-
Deployment of Cisco IPS 4240 devices
I can't find any information about mass deployment of Cisco IPS 4240 appliances. I have 6 devices that I intend to ship to several remote sites and tie into a centralized Cisco MARS unit. Without the help of any CSM/LMS software, is there a quick and dirty way to pull this off? I am thinking of setting up a single IPS appliance, then pulling the configuration file and distributing it to the remaining devices. I would like to see how others have done this...
If all of your sensors are of the same type (all 4240s in your situation) and will all run exactly the same configuration, then the copy command will help you out.
There is a new feature added to the copy command in IPS 6.1 which will help you when copying the configuration of one sensor to another.
Completely configure one sensor (using IME, IDM or the CLI). When you are satisfied with the configuration, use the copy command to copy it to an SCP server.
Now bring up a second sensor and configure basic networking through setup (IP address, gateway, etc.).
Now use the copy command to copy the first sensor's configuration from the SCP server into the running configuration of the second sensor.
It will ask whether you want to change the network settings on the second sensor.
Answer no.
The rest of the first sensor's configuration will be copied into the second sensor.
The second sensor will keep its own unique IP address but gain the rest of the configuration from the first sensor's config.
Continue to do this with the additional sensors.
The process can then be repeated every time additional changes are made to the first sensor.
Remember, though, that this only works if the sensor configuration is to be duplicated exactly (including which interfaces are monitored and how).
If each sensor will have some unique tunings, then you need to manage each sensor on its own or buy CSM, which can be used to share only parts of the configuration across multiple sensors.
-
Is there a way to test the IPS configuration to ensure that the actions are working correctly? I have a NME - IPS.
Hello
A common method is to test with ICMP traffic, for example ping x.x.x.x from the inside to somewhere outside the router, after enabling signature 2004.
SPSP
-
NEWBIE: vSwitch in a matter of the host Cluster Configuration
Hello
I'm pretty new to VMware and will be starting my first implementation in the coming days. I have had training and have a very good understanding of what it is I'm doing, but I have a few networking questions.
If we do not have Enterprise Plus and must use standard vSwitches on each host in the cluster (a 3-host cluster), does that mean the virtual network adapter configuration on each host's vSwitch will be exactly the same? So, if I set the vMotion port group on host A to use the physical network interface cards (vmnic0 and vmnic1) with IP addresses 192.168.10.1 and .2, does it mean that I then configure the same IPs for the vMotion port group (vmnic0 and vmnic1) on host B and host C in the cluster?
If this is the case, then wouldn't the physical NICs on the three ESX hosts in the cluster need to have the same IP configs, in which case wouldn't that cause IP conflicts? Please advise if I am not clear enough. Thanks.
Rick,
You would need separate IP addresses for each VMkernel port that you create. Thus, for example, if you create 2 VMkernel ports per host, host 1 could have .1 and .2, host 2 could have .3 and .4, and host 3 could be assigned .5 and .6.
But remember, you are not assigning IP addresses to the uplink adapters (vmnic); you assign them to the VMkernel ports. Your ESXi host will have a default VMkernel port for management (created during installation), which will have your host's management IP address assigned.
If you create a separate network for vMotion (recommended), this would require a separate VMkernel port with the "Use this port for vMotion" checkbox checked, and it would most likely live on a separate vSwitch with its own uplinks. The VMkernel port would have its own unique IP address. You will need to repeat this configuration (with host-specific IPs) on each host.
-
configuration of VLAN and routing problem 6224 switch
I'm having a problem accessing the internet from VLAN 10. I can ping everything on all the VLANs. My internet router/firewall is on ethernet 1/g11 and has an IP address of 192.168.5.254. I have no problem accessing the internet from VLAN 20. I added a static route to my router/firewall. What am I missing? This is my first time configuring a layer 3 switch.
configure
vlan database
vlan 10,20
exit
stack
member 1 1
exit
ip address 10.10.10.1 255.255.255.0
ip default-gateway 10.10.10.254
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.5.254
interface vlan 10
routing
ip address 192.168.100.1 255.255.255.0
exit
interface vlan 20
routing
ip address 192.168.5.1 255.255.255.0
exit
!
interface ethernet 1/g1
switchport mode general
switchport general pvid 10
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 10
exit
!
interface ethernet 1/g2
switchport mode general
switchport general pvid 10
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 10
exit
!
interface ethernet 1/g11
switchport mode general
switchport general pvid 20
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 20
exit
!
interface ethernet 1/g12
switchport mode general
switchport general pvid 20
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 20
exit
!
interface ethernet 1/g13
switchport mode general
switchport general pvid 20
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 20
exit
exit
console#show ip route
Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static
B - BGP Derived, IA - OSPF Inter Area
E1 - OSPF External Type 1, E2 - OSPF External Type 2
N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2
S 0.0.0.0/0 [1/0] via 192.168.5.254, vlan 20
C 192.168.5.0/24 [0/0] directly connected, vlan 20
C 192.168.100.0/24 [0/0] directly connected, vlan 10
console#
-
I want to ask how the IPS functionality works on the ASA.
Does it have all the signatures, or is it limited?
Correct me if I am wrong in saying that I need the AIM module for IPS to work on the ASA. If I am right, why does the AIM have only 1 Ethernet interface? Does this mean that I can monitor only 1 VLAN?
Thank you very much.
The ASA-SSM-AIP-10 or ASA-SSM-AIP-20 module for the ASA is required for full IPS monitoring features. The IPS software on the SSM is the same as for the IPS appliances and other IPS modules. It uses the same software and signature updates. (Except for the main system image, which has a few extra things to allow installation on the SSM.)
Without the ASA-SSM-AIP, the ASA software itself has a very limited set of signatures that can be monitored. The signature set is the same as in the previous version of the PIX Firewall.
As for the single port on the ASA-SSM: this port is not a monitoring port. It is the command and control port and has an IP address so that you can telnet, SSH or web browse to the sensor in order to manage it. The actual monitoring is done on an internal interface connected to the ASA's internal backplane. The ASA can be configured through its policy to send packets through the SSM for IPS analysis. The policy on the ASA can be configured for the IPS to monitor packets in promiscuous or inline mode.
The ASA can be configured to send all or part of the packets passing through the firewall to be monitored by the IPS code that runs on the SSM.
Since the external port is not a monitoring port, the SSM cannot be configured to monitor packets that do not go through the ASA. Packets must pass through the ASA for the ASA to copy them across the internal backplane to the SSM for analysis.
-
Recommended method to configure Unity to reject calls to itself
What is the recommended / best way of configuring Unity to refuse or drop calls to itself?
A situation like a TRAP call to a phone that is set to CFA to VMail.
Thank you
Vance
By default, Unity will try to match the caller ID of incoming calls against the extension numbers that you entered for each port in UTIM. Unfortunately, caller ID alone is not reliable. For example, if Unity transfers a call over a trunk or tie line and the call is forwarded back to Unity, we expect to see the transferring port as the incoming caller ID. In this case, we don't want to reject the call. To handle this, Unity will only reject calls whose caller ID matches a dedicated outdial port (that is, a port that is not configured to answer and therefore to transfer calls). So, to take full advantage of this feature, you'll first want to configure dedicated outbound ports for notification calls, TRAP and MWI. Then you'll want to make sure that these ports have extension numbers entered for them in UTIM. Details of this implementation can be found in CSCdu64641.
Of course, there are always cases where the method above is insufficient. For example, if a notification call from Unity lands on a cell phone that is forwarded to Unity, the original caller ID (Unity's extension) may not be presented when the call is forwarded. To account for cases like this, a new tone-detection-based feature was added in 4.0(4). See the "Reject sent Notification DTMF Tone" setting in the Advanced Settings tool. Unfortunately, this will help with notification calls only. The TRAP calls that you mentioned won't be affected.
Hope this helps,
Eric
-
Cisco IOS IPS in router 2921/k9
Hi all
I have a Cisco 2921 series base box router (C2921/K9) with the IP Base IOS (IOS SL-29-IPB-K9) image. I now want to activate the IOS IPS feature on this router. Based on the Cisco document, I found that I need to purchase an additional subscription license to enable the IPS feature. My queries are:
Will it work on the IP Base IOS, or do I have to change the IOS?
If I need to buy the subscription license, how can I get the part number and the cost for it?
Do I need to purchase any additional module for this, such as the NME-IPS-K9?
Thanks in advance for your quick help.
Regards,
Sunny
Hi Sunny,
You do not need a module (however, you could install a module instead of using the IOS IPS feature).
You need 2 licenses:
1 - a 'security' license for your 2921 to enable the IPS feature:
SL-29-SEC-K9
Security License (Paper) for Cisco 2901-2951 (both system & spare)
(if you don't have a router yet, you can order it with the license as a pack: CISCO2921-SEC/K9)
2 - a signature subscription license, which is part of a "Services for IPS" contract.
A "Services for IPS" contract is essentially a SmartNet contract (including hardware replacement, access to the TAC, etc.) plus access to signature updates.
The SKUs for that start with CON-SU or CON-SUO and depend on what level of service you want for HW replacement, and whether you want on-site replacement service.
For example, CON-SU1-2921SEC: this includes a SMARTnet agreement with 8x5xNBD without on-site intervention.
For more information:
http://www.Cisco.com/en/us/products/ps6076/serv_group_home.html
Disclaimer: I'm not in sales, so you may want to check with your local Cisco sales office or with a Cisco partner. In fact, some partners may offer a signature subscription service of their own (without hardware coverage).
HTH
Herbert