IDS network module

Can someone tell me whether the Cisco IDS network module (NM-CIDS) can capture virtual local area network traffic, or whether it can only capture the traffic passing through it? If it is possible, how can I do it?

Hi Biao,

The NM-CIDS module gets traffic on its sniffing interface from the router in which it is located. The sensing interface is not connected to a switch to use a SPAN configuration.

You need to enable the interfaces you want (including subinterfaces) on the router for packet monitoring. You can select any number of interfaces or subinterfaces to monitor. The packets sent and received on these interfaces are passed to the NM-CIDS for inspection. Enabling and disabling of the interfaces is configured through the router CLI (Cisco IOS). So there is no way for you to capture the switch VLAN traffic.

Tags: Cisco Security

Similar Questions

  • Deploying Cisco IDS 42xx appliances with network taps

    Hi all

    Does anyone have experience deploying IDS 42xx (4235 and 4215) appliances with network taps (e.g. Finisar UTP IT Tap/1)? I have several of the IDS appliances deployed a few months back using the Finisar taps, and thought that it worked fine, until I discovered that I am capturing only one side of the traffic, due to the nature of the taps! It seems that I need to put another network card in the IDS appliance (a Cisco 4235), but is it possible? Is there a way I can turn on channel bonding or EtherChannel on the 4235?

    The last option, I think, if the ideas above are not possible, is to put in another switch and mirror the two ports from the tap, but that doesn't look good for the final cost...

    Suggestions are most welcomed!

    Thank you

    Kian Wei

    Monitoring network taps with a Cisco IDS device is not officially supported by Cisco.

    That said, however, several customers have successfully deployed with taps.

    Taps, as you've seen, have 2 outputs.

    If a tap is placed on the connection between machines A and B, one of the outputs will be for traffic from A to B, and the other will be for traffic from B to A.

    To analyze the tapped traffic, the sensor will need to see both outputs.

    You could do this by connecting the taps to a switch and then spanning the 2 ports to the IDS sensor's monitoring port.

    Or you may be able to use a second interface on the sensor itself.

    The IDS-4235, IDS-4250 and IDS-4215 can be upgraded with a 4-port 10/100 card, for a total of 5 sniffing ports.

    If the connection you are tapping is a 10 Mb or 100 Mb connection, then purchase the 4-port 10/100 card for the sensor and connect the 2 tap outputs to 2 of the ports on the card.

    NOTE: The sensor combines incoming packets on all interfaces and treats them as if they are part of the same network.

    You just need to place all interfaces in 'Group 0' and select 'non-stop' each sniffing interface.

    Here is the part number for the 4-port 10/100 card:

    ID-4FE-INT =

    Refer to the installation guide for more information on how to install the card and to configure the sensor:

    http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids10/hwguide/index.htm

    Now if what you are tapping is a 1 Gig copper or fiber connection, then you will need to buy a switch to combine the 2 outputs from the taps and span them to the sensor's sniffing port.

    Cisco currently offers no additional copper Gig cards.

    Cisco offers a single-port fiber Gig SX card for the IDS-4250, but does not support placing 2 of these cards in the sensor.

    Cisco also offers a dual-port fiber Gig card, known as the XL card. The XL card has hardware acceleration for monitoring at the faster speeds. However, the XL card does not currently work with taps.

    So if tapping a 10/100 connection then try the 4-port 10/100 card, but if tapping a Gig connection, then you will need a switch to aggregate the 2 outputs.

    What some users have also done is to use the switch and not bother with the tap.

    They connect machine A to the switch and machine B to the switch, then span the traffic to the sensor's port.

  • Adding an IDS network card

    The 4235 comes with a sensing interface and the ability to add 4 more. How do I add an additional network card and configure it to be a sensing interface running in promiscuous mode?

    Thank you

    Look here:

    http://www.Cisco.com/en/us/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a00801a0c95.html#320

    Focus specifically on:

    Installing optional PCI cards

    Assigning and enabling the sensing interface

  • Basic IDS module configuration

    I have some basic configuration questions about an IDS module in a 3725 router.

    (NM-CIDS)

    1. Must the interface of the module be configured as a normal interface like any other Fast Ethernet interface? If so, how do I get into the web configuration of the sensor? I can't give the sensor an IP on the same subnet as another interface, so do I have to create a VLAN on my switch and install a new network adapter in a computer just to access the sensor?

    2. I want to use the sensor to monitor my internet connection. My internet comes into the router where the sensor is, but not on the sensor interface. So I added the line ids-service-module monitoring on the internet interface. I'm now assuming that the sensor monitors this interface, but it can't block any IP address on it, can it? Can I use the sensor's interface as my internet connection? Will it route traffic to the router like any other interface?

    3. If the sensor has to be on its own subnet, I can't get the licensing or auto update, since this new subnet has no access to the internet.

    I must admit, I am a bit confused as to the basics of this module. The documentation is clear on how to implement it, and I did; I even upgraded the sensor to version 5.0, but the basic idea behind it and the basic configuration are not clear; it only tells me the reasons for the separate subnet.

    Can someone guide me in the right direction?

    My goal is to set up the sensor for the company's internet connection, which is currently connected to a Fast Ethernet card on the router, and send events to a syslog server that I monitor.

    Thank you

    Bernard Magny

    The NM-CIDS has 2 interfaces you have to deal with.

    The internal interface on the backplane of the router and an external interface that you can plug a cable into.

    In addition, the router has an interface on its backplane for the NM-CIDS. This router backplane interface and the internal interface of the NM-CIDS can be considered to be wired together.

    The simplest way to think of the NM-CIDS is as a PC that sits inside the router.

    It can easily be compared to an IDS appliance.

    The internal interface of the NM-CIDS is the sniffing interface. The NM-CIDS does not assign this internal interface an IP address. It is used only for receiving packets from the router for monitoring and for sending TCP resets.

    The router has its backplane interface that corresponds to this internal sniffing interface of the NM-CIDS. You must assign an IP address to the router's NM-CIDS interface, but no traffic will ever really be "routed" to it. So most users will either assign a non-routable address or a loopback address, or share an address with one of the router's other interfaces.

    This address is NOT used to configure or control the NM-CIDS. Using a non-routable loopback address is often the best thing to do.

    This router backplane interface and the NM-CIDS can best be compared to a SPAN port on a switch monitored by an appliance.

    The "ids" command applied to a physical interface of the router is like "spanning" that interface.

    The "spanned" traffic is copied to the "span" destination port, which is the router's backplane interface for the NM-CIDS slot. Once these packets are copied to the router backplane for the NM-CIDS slot, the internal port of the NM-CIDS will sniff and analyze the packets.

    The real packet comes in on one router interface and gets "routed" out another interface. If there is an "ids" command on either of these 2 interfaces then these packets will also be copied ("spanned") to the NM-CIDS for monitoring. So the NM-CIDS and the corresponding router backplane interface are not in the path of the packet and only get a copy of the packet.

    NOTE: Technically, the packet is not "spanned", because "spanning" is only supported by a switch, but most users understand the concept. And the concept is what I'm trying to convey.

    Now the external port of the NM-CIDS is the command and control port. This is where you assign an IP address. Understand that this is NOT a router interface. It will not participate in routing protocols. All packets destined for this port will stop at the NM-CIDS.

    This port is best compared with the command and control port of an IDS appliance sensor. The port's address is used only to talk directly to the IDS sensor.

    So what address to assign?

    The best method is to give it an address on your most secure internal network and physically plug it into that network, just as you would for any other PC (or the command and control port of an IDS appliance).

    Since this NM-CIDS interface is not a router interface and does NOT participate in routing, it's OK for the router itself to have an interface on the same subnet and be connected to the same switch and the same VLAN as the external NM-CIDS command and control interface. In fact, that's exactly what most users do. In addition, the router's IP on that subnet is usually the default gateway configured on the NM-CIDS for its command and control interface. If you think of the NM-CIDS as a PC, then it makes sense.

    Some customers may have a special network for managing their security devices (usually only large companies). In these scenarios, the NM-CIDS command and control port can be placed on a network that is not even routable by the router in which it is placed. It's pretty rare, but it is possible to do.
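
    The router-side layout described in this answer, and the per-interface and per-subinterface monitoring described in the first answer on this page, as an added IOS configuration sketch that is not part of either original post. The slot number, interface names, VLAN IDs and addresses are assumptions chosen for illustration.

    ```cisco
    ! Constructed example: NM-CIDS assumed in slot 1; all names and addresses are placeholders.
    !
    ! Router backplane interface toward the NM-CIDS. It needs an address,
    ! but nothing is routed to it, so it borrows a non-routable loopback.
    interface Loopback0
     ip address 10.255.255.1 255.255.255.255
    !
    interface IDS-Sensor1/0
     ip unnumbered Loopback0
     no shutdown
    !
    ! Internet-facing interface: packets in and out are copied to the sensor.
    ! The sensor is not in the forwarding path; it only receives copies.
    interface FastEthernet0/0
     description Internet uplink (assumed)
     ip address 198.51.100.2 255.255.255.252
     ids-service-module monitoring
    !
    ! Routed VLAN subinterface that is also monitored.
    interface FastEthernet0/1.10
     description User VLAN (assumed)
     encapsulation dot1Q 10
     ip address 10.10.10.1 255.255.255.0
     ids-service-module monitoring
    !
    ! Management VLAN: the NM-CIDS external command and control port is
    ! cabled into this VLAN and uses 10.10.20.1 as its default gateway.
    ! No monitoring command here, so this traffic is not copied.
    interface FastEthernet0/1.20
     description Security management VLAN (assumed)
     encapsulation dot1Q 20
     ip address 10.10.20.1 255.255.255.0
    ```

    Only traffic that the router itself sends or receives on a monitored interface or subinterface reaches the sensor; frames switched within a VLAN on the attached switch never cross the router and are not seen.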

  • Toshiba NB520 11V - how to install a 3G network access module

    Hello

    I recently bought a NB520 11V and I was interested if it's possible and how to install a module 3G network access. And if it is possible, what are the specifications of the installation of a 3G network access module I have to buy.

    Kind regards
    Luis

    Hello

    As far as I know, some NB500 models support the 3G module, but the NB520 does not support 3G.

    The 3G card F3307R2 (900TEG), which is fitted in the NB500, has part number K000124470 (google for it).
    But to be honest I'm not very sure whether this module is compatible with the NB520; I guess not.

  • ASA 5505 IPS/IDS Module

    HI Experts,

    Can you please give me an idea about this IDS/IPS module for the ASA 5505?

    How much does it cost? How do I install and configure it to work with the ASA 5505?

    We also have a few ASA 5505 site-to-site VPN configurations. Would this affect them somehow?

    Thank you very much

    ANUP

    ANUP-

    You should be able to find the links that I provided for you with a general search on Cisco's Web site for 'ssc-5' and 'installation' and 'configure '.

    No, you should still have the ASA terminate Internet access. You want to have the SSC-5 module (IPS) monitor the INSIDE interfaces (you always want to do IDS/IPS inside a firewall). This way you can see the traffic after it has been decrypted from your VPN, and after the traffic has been filtered by your firewall rules.

    -Bob

  • Enabling IPS network module ports without Defense Center

    Hello

    I am deploying an IPS8350/Defense Center solution. For the moment I am not able to reach the Defense Center, so I can't control all IP addresses, but I came up with a question: is there a way to set up interfaces via the CLI? I did some research but it led to nothing... I have two network modules, but if I connect something to them they do not come up. I made connectivity tests and so far the traffic is going through the IPS.

    I'll make a few changes to the fail-open mode on the ports, which can be controlled via the CLI, and run some tests.

    Thank you for reading!

    Hello

    Yes, you are right, there is no way to set the inline interface configuration from the CLI. Also, if you set inline, we would need to push policy, etc., which is only possible in DC. We have to get the Defense Center running and add the sensor to the Defense Center.

    Kind regards

    Aastha Bhardwaj

    Rate if this is useful!

  • why we use the network module

    Why use the network module? What is the purpose of it

    Hello

    When you buy a switch or router, it comes with some default interfaces and some empty slots.

    The default interfaces are usually Ethernet interfaces; however, a router or switch supports more types of interfaces. You can order and buy these interfaces according to your needs. New interfaces in the form of modules can be put inside these empty slots. Suppose you need a WAN connection between two places. Then you buy a WAN module. It's like buying an Ethernet card for your computer. Or if you need to connect fiber optic cables to your router, you will need to purchase a module with a fiber interface.

    There are two types of module and also two different slots on the routers. Small slots are for WIC and bigger ones for NM (network module).

    1- Network module (your question).

    This is a large module which can contain a variety of ports, and some NM modules can also take some WICs. These modules can usually be inserted into larger routers.

    2- WIC

    WIC is the smallest card, which can be inserted into a router directly or into some NM cards.

    WIC and NM are a little old and today HWIC and NME are mainly used.

    Please click the link below to check the different types of module for router 2800. Take a look at modules with the prefix of NM, NME, WIC HWIC.

    http://www.Cisco.com/c/en/us/products/routers/2800-Series-integrated-SER...

    It will be useful,

    Masoud

  • Wrong module ID

    I use a property node on the modules in a cRIO-9180.  Looking at the link C Series Module IDs:
    http://zone.NI.com/reference/en-XX/help/370984R-01/criodevicehelp/module_ids/

    The 9201 module should return 0x70A4.  My 9201 modules return 0x71A1.  Has the link not been updated?  Has the module ID code changed?

    My NI 9485 module and the NI 9403 module return the correct codes of 0x71f6 and 0x7131.

    Paul

    Hello Paul,

    The list of module IDs in the product manuals is not entirely accurate, as it changes from time to time. The module ID that you said your 9201 reports corresponds to an NI 9201 with D-Sub connector, which is not present on the list. I am taking a few steps on my end to get the document modified and add this module!

    In the meantime, there are a few questions I had about your system. First of all, I wanted to make sure that you are actually using a 9201 and not a 9201E (OEM version) - this card is not safe to use with a cRIO/cDAQ chassis. Second, is there any negative impact on your application caused by the uncertainty with the module ID? Or are you just asking whether that indicates a problem with the card? Thank you very much!

  • cRIO-9081 module ID

    I use an FPGA I/O property node to get the serial number and the module ID for each module in my cRIO-9081.  The serial numbers match exactly what I thought was in my cRIO.  The module ID, however, makes no sense.  I thought that the module ID would have been 9201 for an NI 9201 module.  I got a number: 21754370963.

    What should be the ID of the Module?

    Hello Paul,

    The module ID returned by the property ID of Module is not the name of the actual module (e.g. 9201). It returns an ID that you can then associate with a specific module as described in the link below.

    C Series Module IDs:
    http://zone.NI.com/reference/en-XX/help/370984R-01/criodevicehelp/module_ids/

    Kind regards

    j_bou

  • No network adapter

    There was no internet access on my computer, then I restarted the router after that that it still wasn't back. So I turned off WiFi and click it to activate but it disappeared after that and it is not found. Now on his boots don't say no module adaptation network 701. Could u please help. BTW the Hp mini 210-1170 model.tnx.

    Hi Marzia11,

    Could you tell me what it shows in your Device Manager for your wireless network adapter?

    If there is a wireless adapter, does it have a question mark or a yellow question mark?

    Did the computer get dropped or hit?

    I only thought that perhaps the adapter is loose or is broken.

    Could you try to launch the HP Support Assistant? Here's a download for it.

    http://h18021.www1.HP.com/helpandsupport/HP-self-support.html

    I hope this helps. Let me know.

    Thank you

  • Module of IPS for router Cisco 3925?

    Hello

    To be HIPAA compliant our company must have an IPS device. I was looking into it and I came across this router module (see link below). We have around 200 users behind the router and we have 2 locations with a similar setup. This module meets our requirement to have a decent IPS solution; my concerns are: Will it be able to support a corporate network? What factors should I take into account when finalizing an IPS device?

    http://www.Cisco.com/c/en/us/products/collateral/routers/1841-integrated...

    Any idea is appreciated.

    The network modules and all the 'old' Cisco IPS appliances, modules and software are end-of-sale. Here's the announcement confirming that for these specific modules.

    For a modest requirement like yours, I recommend a small ASA 5500-X series running in transparent mode with the FirePOWER services module running the IPS feature. It is less intrusive to your network ("bump in the wire") and only costs you for the features it offers. The exact model would mainly depend on your current and projected throughput, but for up to 50 Mbit/s with an active IPS policy you would be fine with the smallest model (ASA 5506-X).

    Find a Cisco partner, who has a security practice in your area. They can advise you on the details and provide a quote.

  • 3745 router modules hot swappable?

    I would like to insert a 2FE2W module into a vacant module slot in a 3745 router. Are the modules hot swappable or "OIR" (online insertion and removal) capable? Help, please!

    Hello

    According to the data sheet (see link below), OIR is supported on the 3745:

    Online insertion and removal (3745 only)

    --> Allows network modules to be exchanged or repaired with minimal impact on the availability of the network

    Check this link to the product page and scroll down to table 1:

    Routers Cisco 3700 Multiservice Access

    Data sheet

    http://www.Cisco.com/en/us/products/HW/routers/PS282/products_data_sheet09186a008009203f.html

    HTH,

    GP

  • Problem with IDS in 6509

    Hello world.

    I have a problem with an IDS module.

    That's the problem: the IDS module is in slot 5 with status "turn off"; when I run the command "activate mod 5" its status changes to "other".

    Information:

    Cisco 6509

    IOS: 12.2(18)SXF1

    IDS module information:

    HW:5.0

    WS-SVC-IDS2-BUN-K9

    Thnks.

    Jorge;

    First of all, you may want to move this thread to the Security > Intrusion Prevention Systems/IDS community, which deals with questions about Cisco's IPS modules and appliances.

    Secondly, the issue may be hardware related.  The first test would be to remove the module from the chassis for 20 minutes and then firmly reseat it in the chassis.  If this does not resolve the issue, it would be better to open a service request with TAC so additional tests can be performed.

    Scott

  • Regarding the upgrade of Cisco IDS version 4.0 to 5.0

    Dear Happs / marcabal

    I have an IDS 4215 at version 4.1(1) with the details attached. I want to upgrade the same to 5.0 and 6.0. So I am installing the 5.0(1e) S149 major upgrade to get to the 5.0 release first.

    The following is written in the readme file for the service package IPS-K9-maj-5.0-1e-S149.rpm.pkg

    "For IDS-4215, you must also make sure that you have upgraded the BIOS to version 5.1.7 and the ROMMON to version 1.4"

    So I downloaded the upgrade utility mentioned above; however, I need to know the following:

    (1) how to check the current BIOS and ROMMON version on the IDS

    (2) to upgrade the BIOS and ROMMON version, can I use my desktop (Windows XP) as a TFTP server, since we manage the customer's IDS remotely (leased line), or do I need to have a local machine at the customer's site (on the Cisco IDS network range only) which can be made the TFTP server

    (3) also please let me know how do I know the IDS 4.0 license and if no license is available then, can still update us to version 5.0?

    There is no version 4.x license, licenses began only in version 5.0.

    You can upgrade your 4215 to version 5.1 or 6.0 unlicensed.

    The minimum versions of BIOS update and forms are easily searched on CCO.
