C-6
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Appendix C Troubleshooting
Troubleshooting the 4200 Series Appliance
Step 5
Make sure the IP address of the workstation that is trying to connect to the sensor is permitted in the
sensor’s access list:
sensor# setup
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
User ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Current Configuration:
service host
network-settings
host-ip 10.89.130.108/23,10.89.130.1
host-name sensor
telnet-option enabled
access-list 0.0.0.0/0
ftp-timeout 300
no login-banner-text
exit
--MORE--
If the workstation’s network address is permitted in the sensor’s access list, go to Step 6.
Step 6
Add a permit entry for the workstation’s network address, save the configuration, and try to connect
again.
For more information, see Changing the Access List, page 4-5.
Step 7
Make sure the network configuration allows the workstation to connect to the sensor.
If the sensor is protected behind a firewall and the workstation is in front of the firewall, make sure the
firewall is configured to allow the workstation to access the sensor. Or if the workstation is behind a
firewall that is performing network address translation on the workstation’s IP address, and the sensor is
in front of the firewall, make sure that the sensor’s access list contains a permit entry for the
workstation’s translated address.
For more information, see Changing the Access List, page 4-5.
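The check in Steps 5 through 7 can be run offline against a saved copy of the sensor configuration. The following Python script is an added example, not part of the Cisco guide: the function names, the sample configuration text, and the workstation addresses are constructed for illustration. It parses the access-list lines, tests the address the sensor actually sees (the translated address when NAT is involved), and reports any 0.0.0.0/0 entry, which permits every host.

```python
import ipaddress

# Constructed sample: saved network-settings output in the format shown in
# Step 5. The addresses are illustrative only.
SAMPLE_CONFIG = """\
service host
network-settings
host-ip 10.89.130.108/23,10.89.130.1
host-name sensor
telnet-option enabled
access-list 10.0.0.0/8
access-list 64.0.0.0/8
ftp-timeout 300
exit
"""

def parse_access_list(config_text):
    """Return the networks named on 'access-list <network>/<prefix>' lines."""
    networks = []
    for line in config_text.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] == "access-list":
            # strict=False: do not reject an entry whose host bits are set.
            networks.append(ipaddress.ip_network(fields[1], strict=False))
    return networks

def check_client(config_text, client_ip, translated_ip=None):
    """Check the address the sensor sees against the access list.

    If a firewall translates the workstation's address (Step 7), the sensor
    sees translated_ip, so that is the address that must be permitted.
    Returns (permitted, matching_networks, permit_all_entries).
    """
    seen = ipaddress.ip_address(translated_ip or client_ip)
    networks = parse_access_list(config_text)
    matches = [n for n in networks if seen.version == n.version and seen in n]
    # 0.0.0.0/0 permits every host; report it even when access works.
    permit_all = [n for n in networks if n.prefixlen == 0]
    return bool(matches), matches, permit_all

if __name__ == "__main__":
    for ip, nat in [("10.89.130.50", None), ("192.168.1.20", None),
                    ("192.168.1.20", "64.102.5.9")]:
        ok, matches, wide = check_client(SAMPLE_CONFIG, ip, nat)
        verdict = "permitted by " + ", ".join(map(str, matches)) if ok else "not permitted"
        print(ip, "via", nat or "no NAT", "->", verdict)
```

A "not permitted" result corresponds to the case in Step 6, where a permit entry for the workstation's network has to be added.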
Misconfigured Access List
To correct a misconfigured access list, follow these steps:
Step 1
Log in to the CLI.
Step 2
View your configuration to see the access list:
sensor# show configuration | include access-list
access-list 10.0.0.0/8
access-list 64.0.0.0/8
sensor#
Step 3
Verify that the client IP address is listed in the allowed networks. If it is not, add it:
sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings
sensor(config-hos-net)# access-list 171.69.70.0/24