manualshive.com logo in svg

Cisco AIP-SSM-10, Installation Manual

The Cisco AIP-SSM-10 is a cutting-edge security module designed to enhance network protection. Ensure seamless installation with our comprehensive and user-friendly Installation Manual. Download this manual for free from manualshive.com, and empower yourself with detailed instructions to optimize the functionality and safety of your network infrastructure.

Share
Download
background image

   

Glossary

GL-13

Installing Cisco Intrusion Prevention System Appliances and Modules 5.0

78-16124-01

RTP

Real-Time Transport Protocol. Commonly used with IP networks. RTP is designed to provide 
end-to-end network transport functions for applications transmitting real-time data, such as audio, 
video, or simulation data, over multicast or unicast network services. RTP provides such services as 
payload type identification, sequence numbering, timestamping, and delivery monitoring to real-time 
applications. 

RU

rack unit. A rack is measured in rack units. An RU is equal to 44 mm or 1.75 inches.

S

SAP

Signature Analysis Processor. Dispatches packets to the inspectors that are not stream-based and that 
are configured for interest in the packet in process.

SCEP

Simple Certificate Enrollment Protocol. The Cisco Systems PKI communication protocol that 
leverages existing technology by using PKCS#7 and PKCS#10. SCEP is the evolution of the enrollment 
protocol.

SDEE

Security Device Event Exchange. A product-independent standard for communicating security device 
events. It is an enhancement to RDEP. It adds extensibility features that are needed for communicating 
events generated by various types of security devices. 

SDP

Slave Dispatch Processor. 

Secure Shell 
Protocol

Protocol that provides a secure remote connection to a router through a Transmission Control Protocol 
(TCP) application.

SEAF

signature event action filter. Subtracts actions based on the signature event’s signature ID, addresses, 
and RR. The input to the SEAF is the signature event with actions possibly added by the SEAO.

SEAH

signature event action handler. Performs the requested actions. The output from SEAH is the actions 
being performed and possibly an <evIdsAlert> written to the Event Store.

SEAO

signature event action override. Adds actions based on the RR value. SEAO applies to all signatures 
that fall into the range of the configured RR threshold. Each SEAO is independent and has a separate 
configuration value for each action type.

SEAP

Signature Event Action Processor. Processes event actions. Event actions can be associated with an 
event risk rating (RR) threshold that must be surpassed for the actions to take place.

Security Monitor

Monitoring Center for Security. Provides event collection, viewing, and reporting capability for 
network devices. Used with the IDS MC.

sensing interface

The interface on the sensor that monitors the desired network segment. The sensing interface is in 
promiscuous mode; it has no IP address and is not visible on the monitored segment.

sensor

The sensor is the intrusion detection engine. It analyzes network traffic searching for signs of 
unauthorized activity.

SensorApp

A component of the IPS. Performs packet capture and analysis. SensorApp analyzes network traffic for 
malicious content. Packets flow through a pipeline of processors fed by a producer designed to collect 
packets from the network interfaces on the sensor. Sensorapp is the standalone executable that runs 
Analysis Engine.

Summary of Contents for AIP-SSM-10

Page 1: ...st Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 527 0883 Installing Cisco Intrusion Prevention System Appliances and Modules 5 0 Customer Order Number DOC 7816124 Text Part Number 78 16124 01 ...

Page 2: ...e television or radio Plug the equipment into an outlet that is on a different circuit from the television or radio That is make certain the equipment and the television or radio are on circuits controlled by different circuit breakers or fuses Modifications to this product not authorized by Cisco Systems Inc could void the FCC approval and negate your authority to operate the product The Cisco im...

Page 3: ...de 1 4 TCP Reset 1 4 Supported Interfaces 1 5 Your Network Topology 1 6 Supported Sensors 1 6 Appliances 1 8 Introducing the Appliance 1 8 Appliance Restrictions 1 9 Connecting an Appliance to a Terminal Server 1 9 Modules 1 10 Introducing AIP SSM 1 11 Introducing IDSM 2 1 12 Introducing NM CIDS 1 12 Time Sources and the Sensor 1 14 Understanding Time on the Sensor 1 14 Correcting the Time on the ...

Page 4: ... 8 Installing Front Mount Brackets 2 9 C H A P T E R 3 Installing IDS 4215 3 1 Introducing IDS 4215 3 1 Front and Back Panel Features 3 2 Specifications 3 3 Accessories 3 4 Surface Mounting 3 5 Rack Mounting 3 5 Installing IDS 4215 3 7 Upgrading the BIOS and ROMMON 3 9 Removing and Replacing the Chassis Cover 3 11 Removing the Chassis Cover 3 11 Replacing the Chassis Cover 3 13 Removing and Replac...

Page 5: ... Disconnecting the XL Card Fiber Ports 4 14 Removing and Replacing the SCSI Hard Disk Drive 4 15 Removing the SCSI Hard Disk Drive 4 16 Replacing the SCSI Hard Disk Drive 4 17 Four Post Rack Installation 4 17 Recommended Tools and Supplies 4 18 Rack Kit Contents 4 18 Installing the Slide Assemblies 4 18 Installing the Appliance in the Rack 4 20 Installing the Cable Management Arm 4 21 Routing the ...

Page 6: ...equirements 7 2 Supported IDSM 2 Configurations 7 2 Using the TCP Reset Interface 7 3 Front Panel Features 7 3 Installation and Removal Instructions 7 4 Required Tools 7 4 Slot Assignments 7 4 Installing IDSM 2 7 5 Verifying Installation 7 8 Removing IDSM 2 7 10 Enabling Full Memory Tests 7 12 Catalyst Software 7 12 Cisco IOS Software 7 13 Resetting IDSM 2 7 13 Catalyst Software 7 13 Cisco IOS Sof...

Page 7: ...verview 9 1 System Configuration Dialog 9 1 Initializing the Sensor 9 2 Verifying Initialization 9 7 C H A P T E R 10 Obtaining Software 10 1 Obtaining Cisco IPS Software 10 1 IPS Software Versioning 10 2 IPS Software Image Naming Conventions 10 3 5 x Software Release Examples 10 4 Upgrading Cisco IPS Software from 4 1 to 5 0 10 5 Obtaining a License Key From Cisco com 10 6 Overview 10 6 Service P...

Page 8: ...Contents viii Installing Cisco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 ...

Page 9: ...nced network security administrators who install and maintain Cisco IPS sensors including the supported IPS appliances and modules Conventions This document uses the following conventions Convention Indication bold font Commands and keywords and user entered text appear in bold font italic font Document titles new or emphasized terms and arguments for which you supply values are in italic font Ele...

Page 10: ...n Prevention System 5 0 and can be found on Cisco com at this URL http www cisco com en US products hw vpndevc ps4077 tsd_products_support_series_home html Documentation Roadmap for Cisco Intrusion Prevention System 5 0 Release Notes for Cisco Intrusion Prevention System 5 0 Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor Installi...

Page 11: ...d gathering additional information see the monthly What s New in Cisco Product Documentation which also lists all new and revised Cisco technical documentation at http www cisco com en US docs general whatsnew whatsnew html Subscribe to the What s New in Cisco Product Documentation as a Really Simple Syndication RSS feed and set content to be delivered directly to your desktop using a reader appli...

Page 12: ...xii Installing Cisco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 Preface Obtaining Documentation and Submitting a Service Request ...

Page 13: ...page 1 6 Appliances page 1 8 Modules page 1 10 Time Sources and the Sensor page 1 14 Installation Preparation page 1 16 Site and Safety Guidelines page 1 17 Cable Pinouts page 1 20 How the Sensor Functions This section describes how the sensor functions and contains the following topics Capturing Network Traffic page 1 1 Sensor Interfaces page 1 3 Promiscuous Mode page 1 3 Inline Mode page 1 4 TCP...

Page 14: ...ding to attacks the sensor can do the following Insert TCP resets via the monitoring interface Note The TCP reset action is only appropriate as an action selection on those signatures that are associated with a TCP based service If selected as an action on non TCP based services no action is taken Additionally TCP resets are not guaranteed to tear down an offending session because of limitations i...

Page 15: ...hed Promiscuous mode is contrasted by inline technology where all packets entering or leaving the network must pass through the sensor For more information see Promiscuous Mode page 1 3 and Inline Mode page 1 4 The sensor monitors traffic on interfaces or inline pairs that are assigned to the default virtual sensor For more information refer to Assigning Interfaces to the Virtual Sensor To configu...

Page 16: ... thus providing a protective service Not only is the inline device processing information on layers 3 and 4 but it is also analyzing the contents and payload of the packets for more sophisticated embedded attacks layers 3 to 7 This deeper analysis lets the system identify and stop and or block attacks that would normally pass through a traditional firewall device In inline mode a packet comes in t...

Page 17: ...0 0 1 1 1 0 1 1 2 0 1 1 3 FastEthernet0 0 IDS 4235 None N A All IDS 4235 4FE 4FE FastEthernetS 0 FastEthernetS 1 FastEthernetS 2 FastEthernetS 3 1 0 1 1 1 0 1 2 1 0 1 3 1 1 1 2 1 1 1 3 1 2 1 3 GigabitEthernet0 0 GigabitEthernet0 1 IDS 4250 None N A All IDS 4250 4FE 4FE FastEthernetS 0 FastEthernetS 1 FastEthernetS 2 FastEthernetS 3 1 0 1 1 1 0 1 2 1 0 1 3 1 1 1 2 1 1 1 3 1 2 1 3 GigabitEthernet0 0...

Page 18: ... that are supported by Cisco IPS 5 0 Note For instructions on how to obtain the most recent Cisco IPS software see Obtaining Cisco IPS Software page 10 1 Caution Installing the most recent software version 5 0 on unsupported sensors may yield unpredictable results We do not support software installed on unsupported platforms IPS 4255 4 onboard GE GigabitEthernet0 0 GigabitEthernet0 1 GigabitEthern...

Page 19: ...30 FE Table 1 2 Supported Sensors Model Name Part Number Optional Interfaces Appliances IDS 4210 IDS 4210 IDS 4210 K9 IDS 4210 NFR IDS 4215 IDS 4215 K9 IDS 4215 4FE K91 1 IDS 4215 4FE K9 is the IDS 4215 K9 with the optional 4FE card IDS 4FE INT installed at the factory IDS 4FE INT IDS 4235 IDS 4235 K9 IDS 4FE INT IDS 4250 IDS 4250 TX K9 IDS 4250 SX K9 IDS 4250 XL K9 IDS 4FE INT IDS 4250 SX INT IDS...

Page 20: ...as it captures and analyzes network traffic These responses include logging the event forwarding the event to the manager performing a TCP reset generating an IP log capturing the alert trigger packet and reconfiguring a router The appliance offer significant protection to your network by helping to detect classify and stop threats including worms spyware and adware network viruses and application...

Page 21: ...ppliances To set up a Cisco terminal server with RJ 45 or hydra cable assembly connections follow these steps Step 1 Connect to a terminal server using one of the following methods For IDS 4215 IPS 4240 and IPS 4255 For RJ 45 connections connect a 180 rollover cable from the console port on the appliance to a port on the terminal server For hydra cable assemblies connect a straight through patch c...

Page 22: ...OS and POST messages are still displayed on the local keyboard and monitor Note There are no keyboard or monitor ports on an IDS 4215 IPS 4240 or IPS 4255 therefore the display serial and no display serial commands do not apply to those platforms Step 3 Be sure to properly close a terminal session to avoid unauthorized access to the appliance If a terminal session is not stopped properly that is i...

Page 23: ...ditional step of sending all packets which did not result in an intrusion back out the GigabitEthernet interface Figure 1 2 shows ASA with AIP SSM in a typical DMZ configuration A DMZ is a separate network located in the neutral zone between a private inside network and a public outside network The web server is on the DMZ interface and HTTP clients from both the inside and outside networks can ac...

Page 24: ...ta in the packet payload whereas context based attacks contain potentially malicious data in the packet headers You can configure IDSM 2 to generate an alert when it detects potential attacks Additionally you can configure IDSM 2 to transmit TCP resets on the source VLAN generate an IP log and or initiate blocking countermeasures on a firewall or other managed device Alerts are generated by IDSM 2...

Page 25: ...to the sender to stop the TCP session that is causing the attack In addition to analyzing captured packets to identify malicious activity NM CIDS can also perform IP session logging that can be configured as a response action on a per signature basis When the signature fires session logs are created over a specified time period in a tcpdump format You can view these logs using Ethereal or replay t...

Page 26: ...clock set command to set the time This is the default For the procedure refer to Manually Setting the Clock Use NTP You can configure the appliance to get its time from an NTP time synchronization source For the procedure refer to Configuring a Cisco Router to be an NTP Server You will need the NTP server IP address the NTP key ID and the NTP key value You can set up NTP on the appliance during in...

Page 27: ...IDS to ensure that the UTC time settings are correct The local time of NM CIDS could be incorrect if the time zone and or summertime settings do not match between NM CIDS and the router Use NTP You can configure NM CIDS to get its time from an NTP time synchronization source such as a Cisco router other than the parent router For the procedure refer to Configuring a Cisco Router to be an NTP Serve...

Page 28: ...central time with daylight saving time enabled and the local time is 8 04 p m the time is displayed as 20 04 37 CDT and has an offset from UTC of 5 hours 01 04 37 UTC the next day A week later at 9 00 a m you discover the error the clock shows 21 00 23 CDT You then change the time to 9 00 a m and now the clock shows 09 01 33 CDT Because the offset from UTC has not changed it requires that the UTC ...

Page 29: ...nt placed too close together inadequate ventilation and inaccessible panels can cause system malfunctions and shutdowns and can make appliance maintenance difficult When planning the site layout and equipment locations keep in mind the following precautions to help avoid equipment failures and reduce the possibility of environmentally caused shutdowns If you are experiencing shutdowns or unusually...

Page 30: ...se guidelines when working on equipment powered by electricity Before beginning procedures that require access to the interior of the chassis locate the emergency power off switch for the room in which you are working Then if an electrical accident occurs you can act quickly to turn off the power Do not work alone if potentially hazardous conditions exist anywhere in your work space Never assume t...

Page 31: ...selectable operating range Refer to the label on the chassis for the correct AC input power requirement Several types of AC input power supply cords are available make sure you have the correct type for your site Install a UPS for your site Install proper site grounding facilities to guard against damage from lightning or power surges Working in an ESD Environment Work on ESD sensitive parts only ...

Page 32: ...t remove the component from the ESD packaging until you are ready to install it Cable Pinouts This section describes pinout information for 10 100 1000BaseT console and RJ 45 to DB 9 ports and the MGMT 10 100 Ethernet port This section contains the following topics 10 100Base TX and 10 100 1000Base TX Connectors page 1 20 Console Port RJ 45 page 1 22 RJ 45 to DB 9 or DB 25 page 1 23 10 100Base TX ...

Page 33: ...nectors and support MDI and MDI X connectors Ethernet ports normally use MDI connectors and Ethernet ports on a hub normally use MDI X connectors An Ethernet straight through cable is used to connect an MDI to an MDI X port A cross over cable is used to connect an MDI to an MDI port or an MDI X to an MDI X port Figure 1 5 shows the 10 100Base TX RJ 45 port pinouts Figure 1 5 10 100 Port Pinouts Fi...

Page 34: ...n page 1 22 shows the RJ 45 cable Figure 1 7 RJ 45 Cable To identify the RJ 45 cable type hold the two ends of the cable next to each other so that you can see the colored wires inside the ends as shown in Figure 1 8 Figure 1 8 RJ 45 Cable Identification Examine the sequence of colored wires to determine the type of RJ 45 cable as follows Straight through The colored wires are in the same sequence...

Page 35: ...124 01 Chapter 1 Introducing the Sensor Cable Pinouts RJ 45 to DB 9 or DB 25 Table 1 3 lists the cable pinouts for RJ 45 to DB 9 or DB 25 Table 1 3 Cable Pinouts for RJ 45 to DB 9 or DB 25 Signal RJ 45 Pin DB 9 DB 25 Pin RTS 8 8 DTR 7 6 TxD 6 2 GND 5 5 GND 4 5 RxD 3 3 DSR 2 4 CTS 1 7 ...

Page 36: ...1 24 Installing Cisco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 Chapter 1 Introducing the Sensor Cable Pinouts ...

Page 37: ...hich is no longer sold Note If you purchased an IDS 4210 before July 2003 you must upgrade the memory to 512 MB to install Cisco IPS 5 0 For more information see Upgrading the Memory page 2 3 Note IDS 4210 does not support inline IPS mode This chapter contains the following sections Front and Back Panel Features and Indicators page 2 2 Upgrading the Memory page 2 3 Installing IDS 4210 page 2 5 Ins...

Page 38: ...N 1 activity link indicator LAN 2 activity link indicator 2 1 Table 2 1 Front Panel Indicators Indicator Color Function Power Green Lights up when the system is connected to an AC power source blinks when the system is in sleep mode System fault Amber Blinks during system startup or when a system fault is detected Hard disk drive activity Green Blinks when hard disk drive activity occurs LAN1 acti...

Page 39: ...teps by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor To upgrade the memory follow these steps Step 1 Log in to the CLI Step 2 Prepare the appliance to be powered off sensor reset powerdown Wait for the power down message before continuing with Step 3 Note You can also power down the sensor from ID...

Page 40: ...e ejector tabs on either side of the DIMM socket Press down and out on tabs to open the slot in the socket Step 9 Install the new DIMM by positioning the DIMM into the socket and pressing it into place Note Do not force the DIMM into the socket Alignment keys on the DIMM ensure that it only fits in the socket one way If you need additional leverage you can gently press down on the DIMM with your t...

Page 41: ...Position IDS 4210 on the network Step 2 Attach the power cord to IDS 4210 and plug it in to a power source a UPS is recommended Note When you first plug an IDS 4210 into a power source it powers on momentarily and then powers off leaving the NIC link lights lit This is normal behavior Press the power switch to boot the system into operation Step 3 Use the dual serial communication cable PN 72 1847...

Page 42: ...pgrading the Memory page 2 3 Caution You must upgrade the memory on IDS 4210 to a minimum of 512 MB before you can install the most recent Cisco IPS software Step 6 Power on IDS 4210 Step 7 Initialize IDS 4210 For the procedure see Initializing the Sensor page 9 2 Step 8 Upgrade IDS 4210 to the latest Cisco IPS software For the procedure see Obtaining Cisco IPS Software page 10 1 You are now ready...

Page 43: ...isco IDS 4210 bezel Power cable Network patch cable Computer interconnection cable Dual serial communication cable Rack mounting brackets Documentation and software Cisco IDS recovery upgrade CD Cisco Documentation CD Cisco Intrusion Prevention System Documentation Roadmap 5 0 Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor Instal...

Page 44: ...2 Mark the upper and lower mounting positions on the two posts Step 3 Locate one of the two brackets and align it over the two threaded holes on the side of IDS 4210 Figure 2 3 Figure 2 3 Installing Center Mount Brackets Step 4 Secure the bracket to IDS 4210 chassis using two screws Figure 2 3 Step 5 Repeat Step 4 to install the remaining bracket on the other side of IDS 4210 Step 6 Lift IDS 4210 ...

Page 45: ... front mount bracket assembly kit and tools to install the front mount brackets in a two post open frame relay rack Two chassis support brackets Two rack mounting brackets Six screws 2 Phillips screwdriver Note The front mount bracket assembly is not intended for use as a slide rail system The server must be firmly attached to the rack as shown in Figure 2 4 Figure 2 4 Front Mount Brackets 55150 L...

Page 46: ...e IDS 4210 To install the front mount brackets follow these steps Step 1 Make sure IDS 4210 is turned off and is not plugged in to an electrical outlet Step 2 Use the screws provided to attach one chassis support bracket to each side of IDS 4210 Use three screws on each side Step 3 Use the screws provided with the rack to attach the rack mounting brackets to the rack Step 4 Slide the chassis suppo...

Page 47: ...bering for onboard interfaces was reversed from IDS 4 x to IPS 5 0 and later The port naming convention changed within the IPS application only the physical chassis label remains unchanged To correlate chassis port labels to software port names refer to Figure 3 2 on page 3 2 Introducing IDS 4215 IDS 4215 can monitor up to 80 Mbps of aggregate traffic and is suitable for T1 E1 and T3 environments ...

Page 48: ...ort labels to software port names refer to Figure 3 2 The built in Ethernet ports have three indicators per port and the 4FE card has two indicators per port Figure 3 3 on page 3 3 shows the back panel indicators POWER ACT NETWORK CISCO IDS 4215 Intrusion Detection Sensor 87925 Table 3 1 Front Panel Indicators Indicator Description POWER Lights up when power supply is running ACT Lights up when ID...

Page 49: ...t is connected to another Ethernet port and traffic can be passed between them ACT Blinks when network traffic is being received on the port 4FE Card LINK activity Lights up when the port is connected to another operational Ethernet port but no traffic is being passed between them blinks off when Ethernet packets are being received 100 Mbps Lights up when the port is running in 100 Mbps mode off w...

Page 50: ... accompanied this device Statement 1071 SAVE THESE INSTRUCTIONS Warning Only trained and qualified personnel should be allowed to install replace or service this equipment Statement 1030 IDS 4215 accessories kit contains the following DB25F RJ45F adaptor DB9F RJ45F adaptor Rubber mounting feet Rack mounting kit screws washers and metal bracket Steady state 50W Maximum peak 65W Maximum heat dissipa...

Page 51: ...hey also absorb vibration so that the hard disk drive is less impacted Rack Mounting Warning To prevent bodily injury when mounting or servicing this unit in a rack you must take special precautions to ensure that the system remains stable The following guidelines are provided to ensure your safety This unit should be mounted at the bottom of the rack if it is the only unit in the rack When mounti...

Page 52: ...er see Removing and Replacing the Chassis Cover page 3 11 For information on installing the 4FE card in IDS 4215 see Installing the 4FE Card page 3 22 To rack mount IDS 4215 follow these steps Step 1 Use the supplied screws to attach the bracket to IDS 4215 You can attach the brackets to the holes near the front of IDS 4215 Step 2 Attach IDS 4215 to the equipment rack 104185 CISCO IDS 4215 Intrusi...

Page 53: ...erial port for your computer and the other end is the RJ 45 connector Note Use the console port to connect to a computer to enter configuration commands Locate the serial cable from the accessory kit The serial cable assembly consists of a 180 rollover cable with RJ 45 connectors DB 9 connector adapter PN 74 0495 01 and DB 25 connector adapter PN 29 0810 01 Note You can use a 180 rollover or strai...

Page 54: ... Power on IDS 4215 Make sure the BIOS version is 5 1 7 and the ROMMON version is 1 4 before upgrading IDS 4215 to 5 0 For the procedure see Upgrading the BIOS and ROMMON page 3 9 Note The BIOS ROMMON upgrade is necessary to install the 4 1 4 system image but not the 5 0 2 system image The 5 0 2 system image is smaller than the size limitation that applied to earlier versions of ROMMON while the 4 ...

Page 55: ...OS of IDS 4215 to version 5 1 7 and the ROMMON to version 1 4 To upgrade the BIOS and ROMMON on IDS 4215 follow these steps Step 1 Download the BIOS ROMMON upgrade utility IDS 4215 bios 5 1 7 rom 1 4 bin to the TFTP root directory of a TFTP server that is accessible from IDS 4215 For the procedure for locating software on Cisco com see Obtaining Cisco IPS Software page 10 1 Note Make sure you can ...

Page 56: ...mon server ip_address Step 7 Specify the gateway IP address rommon gateway ip_address Step 8 Verify that you have access to the TFTP server by pinging it from the local Ethernet port rommon ping server_ip_address rommon ping server Step 9 Specify the filename on the TFTP file server from which you are downloading the image rommon file filename Example rommon file IDS 4215 bios 5 1 7 rom 1 4 bin No...

Page 57: ...er equipment and they direct the flow of cooling air through the chassis Do not operate the system unless all cards faceplates front covers and rear covers are in place Statement 1029 Warning This unit might have more than one power supply connection All connections must be removed to de energize the unit Statement 1028 Caution Follow proper safety procedures when removing and replacing the chassi...

Page 58: ...re information see Working in an ESD Environment page 1 19 Step 6 Remove the screws from the back of the chassis Step 7 With the front of IDS 4215 facing you push the top panel back one inch Step 8 Pull the top panel up and put it in a safe place 24305 DO NOT INSTALL INTERFACE CARDS WITH POWER APPLIED CONSOLE 10 100 ETHERNET 0 0 Link FDX FDX 100 Mbps Link 100 Mbps FAILOVER 10 100 ETHERNET 0 0 PIX ...

Page 59: ...er follow these steps Step 1 Place the chassis on a secure surface with the front panel facing you Step 2 Hold the top panel so the tabs at the rear of the top panel are aligned with the chassis bottom Step 3 Lower the front of the top panel onto the chassis making sure that the top panel side tabs fit under the chassis side panels Step 4 Slide the top panel toward the front making sure that the t...

Page 60: ...or service this equipment Statement 1030 Caution Only use the replacement IDE hard disk drive from Cisco We cannot guarantee that other hard disk drives will operate properly with the IPS Caution Follow proper safety procedures when removing and replacing the hard disk drive by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 420...

Page 61: ... off sensor reset powerdown Wait for the power down message before continuing with Step 3 Note You can also power down IDS 4215 using IDM Step 3 Power off IDS 4215 Step 4 Remove the power cord and other cables from IDS 4215 Step 5 Place IDS 4215 in an ESD controlled environment For more information see Working in an ESD Environment page 1 19 Step 6 Remove the chassis cover For the procedure see Re...

Page 62: ...Drive To replace the hard disk drive in IDS 4215 follow these steps Step 1 Place IDS 4215 in an ESD controlled environment For more information see Working in an ESD Environment page 1 19 Step 2 Align the hard disk drive connector with the two guide pins on the riser card Step 3 Push the hard disk drive straight into the riser card connector Do not lift or wiggle the hard disk drive side to side P...

Page 63: ...ash device in IDS 4215 It contains the following topics Removing the Compact Flash Device page 3 17 Replacing the Compact Flash Device page 3 18 Removing the Compact Flash Device To remove the compact flash device from IDS 4215 follow these steps Step 1 Log in to the CLI Step 2 Prepare IDS 4215 to be powered off sensor reset powerdown Wait for the power down message before continuing with Step 3 N...

Page 64: ... Device Step 8 Grasp the compact flash device and carefully remove it from the connector on the riser card Replacing the Compact Flash Device To replace the compact flash device in IDS 4215 follow these steps Step 1 Place IDS 4215 in an ESD controlled environment For more information see Working in an ESD Environment page 1 19 87928 Compact Flash memory card ...

Page 65: ... see Replacing the Hard Disk Drive page 3 16 Step 5 Replace the chassis cover For the procedure see Replacing the Chassis Cover page 3 13 Removing and Installing the 4FE Card Warning Only trained and qualified personnel should be allowed to install replace or service this equipment Statement 1030 Caution Follow proper safety procedures when installing and removing the 4FE card by reading the safet...

Page 66: ...se steps Step 1 Log in to the CLI Step 2 Prepare IDS 4215 to be powered off sensor reset powerdown Wait for the power down message before continuing with Step 3 Note You can also power down IDS 4215 using IDM Step 3 Power off IDS 4215 Step 4 Remove the power cord and other cables from IDS 4215 Step 5 Place IDS 4215 in an ESD controlled environment For more information see Working in an ESD Environ...

Page 67: ...ing the 4FE Card Step 9 Grasp the 4FE card and pull it out of the slot and through the cage opening Step 10 Replace the lower slot cover from the back cover plate Step 11 Replace the back cover plate and tighten the two captive screws Step 12 Replace the chassis cover For the procedure see Replacing the Chassis Cover page 3 13 87948 87949 ...

Page 68: ...down message before continuing with Step 2 Step 2 Power off IDS 4215 Step 3 Remove the power cord and other cables from IDS 4215 Step 4 Place IDS 4215 in an ESD controlled environment For more information see Working in an ESD Environment page 1 19 Step 5 Remove the chassis cover For the procedure see Removing the Chassis Cover page 3 11 Step 6 Loosen the two captive screws from the back cover pla...

Page 69: ...n the back cover plate Step 10 Tighten the single captive screw to hold the connecting flange of the 4FE card to the back cover plate and tighten the captive screws to attach the back cover plate to the appliance Step 11 Replace the chassis cover For the procedure see Replacing the Chassis Cover page 3 13 You will need to assign the new interfaces FastEthernet1 0 FastEthernet1 1 FastEthernet1 2 an...

Page 70: ...3 24 Installing Cisco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 Chapter 3 Installing IDS 4215 Removing and Installing the 4FE Card ...

Page 71: ...5 and IDS 4250 page 4 7 Installing the Accessories page 4 9 Introducing IDS 4235 and IDS 4250 You can deploy IDS 4235 at 250 Mbps to provide protection in switched environments and on multiple T3 subnets With the support of 10 100 1000 interfaces you can also deploy it on partially utilized gigabit links The sensing interface and the command and control interface are both 10 100 1000BASE TX You ca...

Page 72: ... options for inline functionality beyond the 4FE card For the procedure for installing optional PCI cards see Installing Optional PCI Cards page 4 12 Note The 500 Mbps performance for IDS 4250 is based on the following conditions 2700 new TCP connections per second 2700 HTTP transactions per second average packet size of 595 bytes system running Cisco IPS 5 0 software Or you can order IDS 4250 XL ...

Page 73: ...nel indicators for IDS 4235 and IDS 4250 1 2 Not used 87958 1 2 System status indicator blue and amber NIC2 indicator Hard drive indicator Latch for System door Video connector Power button Identification button Keyboard connector CD drive Hard drive Diskette drive NIC1 indicator Table 4 1 Front Panel Indicators LED Indicator Icon Description Blue and amber system status indicator The blue system ...

Page 74: ...nnected to AC power and an error has been detected the amber system status indicator will flash regardless of whether the system has been powered on 132363 Command and Control interface GigabitEthernet0 1 Sensing interface GigabitEthernet0 0 Main power Redundant power optional PCI expansion card slots Sensing interface 4250 SX GigabitEthernet2 0 4250 XL GigabitEthernet2 0 GigabitEthernet2 1 4250 4...

Page 75: ...SCSI Hard Disk Drive page 4 15 The replacement hard disk drive is shipped blank from the factory You must reimage it For the procedure refer to Upgrading Downgrading and Installing System Images Upgrading the BIOS If the BIOS version is earlier than A04 on IDS 4235 or IDS 4250 you must upgrade the BIOS before you install Cisco IPS 5 0 software Caution Do not apply this BIOS upgrade to appliance mo...

Page 76: ...e on the Windows system to generate the BIOS update diskette Step 4 Insert the new BIOS update diskette in IDS 4235 Caution Do not power off or manually reboot the appliance during Step 5 Caution You cannot upgrade the BIOS from a console connection You must connect a keyboard and monitor to the appliance so that you can see the output on the monitor Step 5 Boot the appliance and follow the on scr...

Page 77: ...etwork Step 2 Attach the power cord to IDS 4235 and plug it in to a power source a UPS is recommended Step 3 Use the dual serial communication cable PN 72 1847 01 included in the accessory kit to attach a laptop to the COM1 serial port of the appliance see Table 4 3 for a list of the terminal settings or connect a keyboard and monitor to the appliance Caution We recommend that you use the dual ser...

Page 78: ...e the optional 4FE card sensing ports GigabitEthernet1 0 or GigabitEthernet2 0 depending on the slot it is installed in is the optional copper NIC sensing port with one TX card installed Only one optional TX adapter is supported Step 5 Power on the appliance Caution If the BIOS version is earlier than A04 you must apply the BIOS upgrade before installing Cisco IPS 5 0 on the appliance For the proc...

Page 79: ...rface 5 0 Installing the Accessories This section describes the contents of the IDS 4235 and IDS 4250 accessories package and how to install the accessories It contains these topics Accessories Package Contents page 4 9 Installing and Removing the Bezel page 4 10 Installing the Power Supply page 4 10 Installing Optional PCI Cards page 4 12 Disconnecting the XL Card Fiber Ports page 4 14 Removing a...

Page 80: ...ving the Bezel Figure 4 3 shows the Cisco bezel that you can install on IDS 4235 and IDS 4250 Figure 4 3 Cisco Bezel To install and remove the bezel on IDS 4235 and IDS 4250 follow these steps Step 1 To install the bezel follow these steps a Align the right side tab on the bezel with the slot on the appliance mounting tab b Press the left side of the bezel into place on the appliance Step 2 To rem...

Page 81: ...f the cover using the tab at the back of the appliance Step 7 Place the new power supply cooling fan in the back of the power supply bay see Figure 4 4 on page 4 12 Note Ensure that the finger guard on the fan faces the back of the appliance and that the fan power cable is pointing toward the fan power connector on the system board see Figure 4 4 on page 4 12 Step 8 Route the fan power cable throu...

Page 82: ...rew at the front of the chassis Step 12 Connect the new system power cable to the power supply 2 cable connector PS2 on the back panel of the appliance Installing Optional PCI Cards You can install the following optional PCI cards in IDS 4235 and IDS 4250 The optional PCI cards provide additional sensing interfaces SX card 1000BASE SX sensing interface part number IDS 4250 SX INT You can install o...

Page 83: ...trusion Prevention System 4200 Series Appliance Sensor Note None of the PCI cards are supported as a command and control interface To install the PCI card follow these steps Step 1 Log in to the CLI Step 2 Prepare the appliance to be powered off sensor reset powerdown Wait for the power down message before continuing with Step 3 Note You can also power down the appliance from IDM Step 3 Power off ...

Page 84: ...he fiber ports are not connected the first time you boot the appliance after you have installed the XL card For more information see Disconnecting the XL Card Fiber Ports page 4 14 Step 13 Assign the new interfaces SX card 2 SX GigabitEthernet1 0 and GigabitEthernet2 0 TX card TX onboard TX PCI GigabitEthernet0 0 GigabitEthernet1 0 or GigabitEthernet2 0 XL card GigabitEthernet2 0 and GigabitEthern...

Page 85: ...d Replacing the SCSI Hard Disk Drive IDS 4235 and IDS 4250 has a removable SCSI hard disk drive You can replace the hard disk drive in case of drive failure Or you can order a spare drive part number IDS SCSI apply your configuration and ship the drive to a remote site The administrator at the remote site can then install the configured drive Caution Follow proper safety procedures when removing a...

Page 86: ...Replacing the SCSI Hard Disk Drive page 4 17 Removing the SCSI Hard Disk Drive To remove the SCSI hard disk drive follow these steps Step 1 Log in to the CLI Step 2 Prepare the appliance to be powered off sensor reset powerdown Wait for the power down message before continuing with Step 3 Note You can also power down the sensor from IDM Step 3 Power off the appliance by pressing the power button S...

Page 87: ...o lock the drive into place Step 8 Power on the appliance by pressing the power button Step 9 Replace the front bezel For the procedure see Installing and Removing the Bezel page 4 10 Note Replacement drives are shipped without an image You must reimage the hard disk drive For more information refer to Upgrading Downgrading and Installing System Images Four Post Rack Installation You can install t...

Page 88: ...k s front vertical rails where you want to locate the bottom of the appliance that you are installing in the rack cabinet Note The bottom of each 1 RU space is at the middle of the narrowest metal area between holes marked with a horizontal line on some rack cabinets Step 3 Place a mark 44 mm 1 75 inches above the original mark you made or count up three holes and mark the rack s front vertical ra...

Page 89: ...ge until the mounting holes align with their respective holes on the back vertical rail Step 7 Install three 10 32 x 0 5 inch flange head Phillips screws in the mounting flange s holes to secure the slide assembly to the back vertical rail Step 8 Repeat Steps 3 through 7 for the remaining slide assembly on the other side of the rack Step 9 Ensure that the slide assemblies are mounted at the same p...

Page 90: ...y yourself Step 2 Remove the appliance front bezel by pressing the left side tab and pulling Step 3 Lift the appliance into position in front of the extended slides Step 4 Place one hand on the front bottom of the appliance and the other hand on the back bottom of the appliance Step 5 Tilt the back of the appliance down while aligning the back shoulder screws on the sides of the appliance with the...

Page 91: ... Step 9 Push in and turn the captive thumbscrews on each side of the front chassis panel to secure the appliance to the rack Installing the Cable Management Arm You can install the cable management arm on the right or left of the rack cabinet This procedure describes installing the cable management arm in the right side of the rack cabinet as viewed from the back Tip If you are installing several ...

Page 92: ...e assembly see Figure 4 8 on page 4 23 Note The latch clicks when locked Step 3 Push the tab on the remaining free end the front into a mating latch on the inner segment of the slide assembly see Figure 4 8 on page 4 23 Note The latch clicks when locked Step 4 Install a stop block on the latch on the end of the opposite slide assembly see Figure 4 8 on page 4 23 Note The stop block prevents the ba...

Page 93: ...n the cable management arm by lifting the center of the wire over the top of the embossed round button on the front of the forward part of the arm and lifting the wire over the top of a similar round button on the back part of the arm The wire cover swings open to enable cables to be routed within the arm Step 7 Route the status indicator end of the cable assembly through the cable management arm ...

Page 94: ...k panel Note Although the strain relief can accommodate power cords with a bend radius of up to 19 millimeters 0 75 inch use only the power cords provided with the appliance Step 9 Install a tie wrap through the slot on the strain relief tab see Figure 4 10 on page 4 25 Step 10 Bend the power cords back beside the power receptacle housing and form a tight loop Install the strain relief tie wrap lo...

Page 95: ...to their respective connectors on the appliance back panel For details on the cable connections see Installing IDS 4235 and IDS 4250 page 4 7 Step 2 Route the power and I O cables through the cable management arm using four loosely secured releaseable tie wraps two in the middle and on each end of the cable management arm Note Do not fully tighten the tie wraps at this time see Figure 4 11 on page...

Page 96: ...ie wraps and the wire covers over the cable management arm Note As you pull the appliance out to its farthest extension the slide assemblies lock in the extended position To push the appliance back into the rack press the slide release latch on the side of the slide and then slide the appliance completely into the rack Step 4 Slide the appliance in and out of the rack to verify that the cables are...

Page 97: ... rack manufacturer Warning Do not attempt to install the appliance into a two post open frame relay rack that has not been securely anchored in place Damage to the appliance and injury to yourself and to others may result This section contains these topics Recommended Tools and Supplies page 4 27 Rack Kit Contents page 4 27 Marking the Rack page 4 28 Installing the Slide Assemblies in the Rack pag...

Page 98: ... 0 625 inches and 0 5 inches Installing the Slide Assemblies in the Rack You can install the slide assemblies in a two post open frame relay rack having either universal hole spacing or wide hole spacing You can install the 1 RU slide assemblies in either a flush mount or center mount configuration This section contains these topics Center Mount Installation page 4 28 Flush Mount Installation page...

Page 99: ...are facing upward see Figure 4 13 on page 4 30 Note To prepare the slides for flush mount installation remove the front mounting bracket rotate it 180 degrees and reinstall it on the opposite slide assembly Step 2 Using a 2 Phillips screwdriver and an 11 32 inch wrench or nut driver remove two 12 24 x 0 5 inch pan head Phillips screws two nuts and two shoulder washers from each front center bracke...

Page 100: ...ating the Front Mounting Bracket for Flush Mount Installation Step 7 Repeat Steps 4 though 6 to configure the other slide assembly Step 8 Holding the left slide assembly into position in the two post rack at the location you marked adjust the extended rear bracket tightly against the back of the vertical two post rack and secure it to the two post rail with two 12 24 x 0 5 inch pan head Phillips s...

Page 101: ...sco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 Chapter 4 Installing IDS 4235 and IDS 4250 Installing the Accessories Figure 4 14 Installing the Slide Assemblies for Flush Mount Configuration 78108 ...

Page 102: ...4 32 Installing Cisco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 Chapter 4 Installing IDS 4235 and IDS 4250 Installing the Accessories ...

Page 103: ...terfaces and is inline ready It replaces IDS 4235 There are four 10 100 1000 copper sensing interfaces Note The 250 Mbps performance for IPS 4240 is based on the following conditions 2500 new TCP connections per second 2500 HTTP transactions per second average packet size of 445 bytes and the system running Cisco IPS 5 0 software The 250 Mbps performance is traffic combined from all four sensing i...

Page 104: ...t view of IPS 4240 and IPS 4255 Figure 5 1 IPS 4240 IPS 4255 Front Panel Features Table 5 1 describes the front panel indicators on IPS 4240 and IPS 4255 114003 PWR STATUS FLASH Cisco IPS 4240 series Intrusion Prevention Sensor Power Flash Status Table 5 1 Front Panel Indicators Indicator Description Power Off indicates no power Green when the power supply is running Status Blinks green while the ...

Page 105: ...ndicators 114002 LINK SPD 2 LINK SPD 1 LINK SPD 0 LINK SPD 3 MGMT USB2 USB1 FLASH CONSOLE AUX P O W E R S T A T U S F L A S H Power connector Power switch Indicator light Auxiliary port not used Serial console port External compact flash device not used Compact flash device indicator Status indicator Power indicator GigabitEthernet0 0 USB ports not used Management0 0 114417 USB2 USB1 LNK SPD 3 LNK...

Page 106: ...pansion One chassis expansion slot not used Power Autoswitching 100V to 240V AC Frequency 47 to 63 Hz single phase Operating current 3 0 A Steady state 150 W Maximum peak 190 W Maximum heat dissipation 648 BTU hr full power usage 65 W Environment Temperature Operating 32 F to 104 F 0 C to 40 C Nonoperating 13 F to 158 F 25 C to 70 C Relative humidity Operating 5 to 95 noncondensing Nonoperating 5 ...

Page 107: ...uitry and be familiar with standard practices for preventing accidents Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings that accompanied this device Statement 1071 SAVE THESE INSTRUCTIONS Warning Only trained and qualified personnel should be allowed to install replace or service this equipment Statement 1030 IPS 4240 and IPS ...

Page 108: ...teps Step 1 Attach the bracket to the appliance using the supplied screws You can attach the brackets to the holes near the front of the appliance Note The top hole on the left bracket is a banana jack you can use for ESD grounding purposes when you are servicing the system You can use the two threaded holes to mount a ground lug to ground the chassis 114016 Cisco IPS 4240 series Intrusion Prevent...

Page 109: ...ures when performing these steps by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor To install IPS 4240 and IPS 4255 on the network follow these steps Step 1 Position the appliance on the network Step 2 Place the appliance in a rack if you are rack mounting it For the procedure see Rack Mounting page...

Page 110: ...ect the appropriate cable from the console port on the appliance to a port on the terminal server See Connecting an Appliance to a Terminal Server page 1 9 for the instructions for setting up a terminal server Step 5 Connect the RJ 45 connector to the console port and connect the other end to the DB 9 or DB 25 connector on your computer Step 6 Attach the network cables GigabitEthernet0 0 GigabitEt...

Page 111: ...he procedure see Obtaining Cisco IPS Software page 10 1 You are now ready to configure intrusion prevention on the appliance For More Information For the procedure for using HTTPS to log in to IDM refer to Logging In to IDM For the procedures for configuring intrusion prevention on your sensor refer to the following documents Installing and Using Cisco Intrusion Prevention System Device Manager 5 ...

Page 112: ...5 10 Installing Cisco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 Chapter 5 Installing IPS 4240 and IPS 4255 Installing IPS 4240 and IPS 4255 ...

Page 113: ...able 6 1 lists the specifications for AIP SSM Memory Specifications Table 6 2 lists the memory specifications for AIP SSM Table 6 1 IDSM 2 Specifications Specification Description Dimensions H x W x D 1 70 x 6 80 x 11 00 inches Weight Minimum 2 50 lb Maximum 3 00 lb1 1 2 70 lbs for 45 c heatsink approximately 3 00 lbs for the 55c maximum Operating temperature 32 to 104 F 0 to 40 C Nonoperating tem...

Page 114: ...Cisco Intrusion Prevention System Software 5 0 2 or higher DES or 3DES enabled Indicators Figure 6 1 shows the AIP SSM indicators Figure 6 1 AIP SSM Indicators Table 6 3 describes the AIP SSM indicators 119644 P W R S T A T U S S P E E D L I N K A C T 1 2 3 4 Table 6 3 AIP SSM Indicators LED Color State Description 1 PWR Green On The system has power 2 STATUS Green Flashing The system is booting S...

Page 115: ...ent page 1 19 Step 3 Remove the two screws at the left back end of the chassis and remove the slot cover Step 4 Insert AIP SSM through the slot opening Step 5 Attach the screws to secure AIP SSM to the chassis Step 6 Power on ASA by pushing the power switch at the back of the chassis Step 7 Check the indicators If AIP SSM is properly installed the POWER indicator is solid green and the STATUS indi...

Page 116: ...g the Command Line Interface 5 0 Verifying the Status of AIP SSM You can use the show module 1 command to verify that AIP SSM is up and running To verify the status of AIP SSM follow these steps Step 1 Log in to ASA Step 2 Verify the status of AIP SSM asa show module 1 Mod Card Type Model Serial No 1 ASA 5500 Series Security Services Module 20 ASA SSM 20 P2B000005D0 Mod MAC Address Range Hw Versio...

Page 117: ... information see Working in an ESD Environment page 1 19 Step 6 Remove the two screws at the left back end of the chassis and remove the slot cover Step 7 Remove AIP SSM and set it aside Step 8 If you need to replace the existing AIP SSM insert the new AIP SSM through the slot opening Note Do not replace AIP SSM with a different model The ASA will not recognize it Step 9 Attach the screws to secur...

Page 118: ...6 6 Installing Cisco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 Chapter 6 Installing AIP SSM Installation and Removal Instructions ...

Page 119: ... 2 Using the TCP Reset Interface page 7 3 Front Panel Features page 7 3 Installation and Removal Instructions page 7 4 Enabling Full Memory Tests page 7 12 Resetting IDSM 2 page 7 13 Powering IDSM 2 Up and Down page 7 15 Specifications Table 7 1 lists the specifications for IDSM 2 Table 7 1 IDSM 2 Specifications Specification Description Dimensions H x W x D 1 18 x 15 51 x 16 34 in 30 x 394 x 415 ...

Page 120: ...mbination is not supported Supervisor 2 alone without PFC2 or MSFC2 is not supported by Catalyst software or Cisco IOS software Table 7 2 Supported Configurations Supervisor SPAN RSPAN VACL Capture VACL Blocking RACL Blocking Catalyst Software Cisco IOS Software Supervisor 1A X 7 5 1 Supervisor 1A with PFC1 X X X 7 5 1 Supervisor 1A with PFC1 or MSFC1 X X X1 1 VACL blocking by IDSM 2 is supported ...

Page 121: ...s the IDSM 2 states as indicated by the status indicator To prevent corruption of IDSM 2 you must use the shutdown command to shut it down properly For instructions on properly shutting down IDSM 2 see Step 1 of Removing IDSM 2 page 7 10 If IDSM 2 does not respond firmly press the Shutdown button on the faceplate and wait for the Status indicator to turn amber The shutdown procedure may take sever...

Page 122: ...following topics Required Tools page 7 4 Slot Assignments page 7 4 Installing IDSM 2 page 7 5 Verifying Installation page 7 8 Removing IDSM 2 page 7 10 Required Tools Note You must have at least one supervisor engine running in the Catalyst 6500 series switch with IDSM 2 For more information refer to the appropriate Catalyst 6500 Series Switch Installation Guide You need the following tools to ins...

Page 123: ...ing SPAN but the copy capture feature with security VACLs requires that the supervisor engine has the PFC or the MSFC option Installing IDSM 2 To install IDSM 2 in the Catalyst 6500 series switch follow these steps Step 1 Make sure that you take necessary ESD precautions Warning During this procedure wear grounding wrist straps to avoid ESD damage to the card Do not touch the backplane with your h...

Page 124: ...UPERVISOR I WS X6K SUP1 ST AT US SY ST EM AC TI VE PW R M G M T RES ET CONSOLE Switch Load 100 1 DTE DCE PCMCIA EJECT PORT 1 LI NK PORT 2 LI NK 8 PORT GIGABIT ETHERNET WS X6408 1 LI N K ST AT U S 2 3 4 5 6 7 8 LI N K LI N K LI N K LI N K LI N K LI N K LI N K 8 PORT GIGABIT ETHERNET WS X6408 1 LI N K ST AT U S 2 3 4 5 6 7 8 LI N K LI N K LI N K LI N K LI N K LI N K LI N K 8 PORT GIGABIT ETHERNET WS...

Page 125: ...AT U S 2 3 4 5 6 7 8 LI N K LI N K LI N K LI N K LI N K LI N K LI N K 8 PORT GIGABIT ETHERNET WS X6408 1 LI N K ST AT U S 2 3 4 5 6 7 8 LI N K LI N K LI N K LI N K LI N K LI N K LI N K 8 PORT GIGABIT ETHERNET WS X6408 1 LI N K ST AT U S 2 3 4 5 6 7 8 LI N K LI N K LI N K LI N K LI N K LI N K LI N K 24 PORT 100FX WS X6224 ST AT US 24 PORT 100FX WS X6224 24 PORT 100FX WS X6224 ST AT US ST AT US 1 LI...

Page 126: ...2 For the procedure refer to Configuring the Catalyst 6500 Series Switch for Command and Control Access to IDSM 2 Step 13 Upgrade IDSM 2 to the most recent Cisco IDS software For the procedure see Obtaining Cisco IPS Software page 10 1 Step 14 Set up IDSM 2 to capture IPS traffic either in promiscuous mode or inline mode For the procedure refer to Configuring IDSM 2 You are now ready to configure ...

Page 127: ...er show module Mod Ports Card Type Model Serial No 1 48 48 port 10 100 mb RJ 45 ethernet WS X6248 RJ 45 SAD0401012S 2 48 48 port 10 100 mb RJ45 WS X6348 RJ 45 SAL04483QBL 3 48 SFM capable 48 port 10 100 1000mb RJ45 WS X6548 GE TX SAD073906GH 6 16 SFM capable 16 port 1000mb GBIC WS X6516A GBIC SAL0740MMYJ 7 2 Supervisor Engine 720 Active WS SUP720 3BXL SAD08320L2T 9 1 1 port 10 Gigabit Ethernet Mod...

Page 128: ...sts Removing IDSM 2 This procedure describes how to remove IDSM 2 from the Catalyst 6500 series switch Warning Only trained and qualified personnel should be allowed to install replace or service this equipment Statement 1030 Caution Before removing IDSM 2 be sure to perform the shutdown procedure If IDSM 2 is not shut down correctly you could corrupt the software Warning During this procedure wea...

Page 129: ...he right lever to the right to release IDSM 2 from the backplane connector Step 5 As you pull IDSM 2 out of the slot place one hand under the carrier to support it Caution Do not touch the printed circuit boards or connector pins Step 6 Carefully pull IDSM 2 straight out of the slot keeping your other hand under the carrier to guide it Note Keep IDSM 2 at a 90 degree orientation to the backplane h...

Page 130: ...talyst Software Use the set boot device boot_sequence module_number mem test full command to enable a full memory test The full memory test takes about 12 minutes To enable a full memory test follow these steps Step 1 Log in to the console Step 2 Enter privileged mode console enable Step 3 Enable the full memory test console enable set boot dev cf 1 3 mem test full Device BOOT variable cf 1 Memory...

Page 131: ...reset issued for module 9 router Step 3 Reset IDSM 2 The full memory test runs Note A full memory test takes more time to complete than a partial memory test Resetting IDSM 2 If for some reason you cannot communicate with IDSM 2 through SSH Telnet or the switch session command you must reset IDSM 2 from the switch console The reset process requires several minutes This section describes how to res...

Page 132: ...d after three reset attempts boot the maintenance partition and perform the instructions for restoring the application partition Cisco IOS Software Use the hw module module slot_number reset hdd 1 cf 1 command in EXEC mode to reset IDSM 2 The reset process takes several minutes IDSM 2 boots into the boot partition you specify If you do not specify the boot string the default boot string is used To...

Page 133: ...hut down but does not remove power from IDSM 2 To power IDSM 2 up and down from the switch CLI follow these steps Step 1 Log in to the console Step 2 Enter privileged mode console enable Step 3 Power up IDSM 2 console enable set module power up module_number Step 4 Power down IDSM 2 console enable set module power down module_number Cisco IOS Software Once you power off IDSM 2 you must power it up...

Page 134: ...alling Cisco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 Chapter 7 Installing IDSM 2 Powering IDSM 2 Up and Down Step 4 Power down IDSM 2 router config no power enable module module_number ...

Page 135: ...7 17 Installing Cisco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 Chapter 7 Installing IDSM 2 Powering IDSM 2 Up and Down ...

Page 136: ...his chapter contains the following sections Specifications page 8 1 Software and Hardware Requirements page 8 2 Hardware Architecture page 8 3 Front Panel Features page 8 4 Interfaces page 8 4 Installation and Removal Instructions page 8 5 Specifications Table 8 1 lists the specifications for NM CIDS Table 8 1 NM CIDS Specifications Specification Description Dimensions H x W x D 1 55 x 7 10 x 7 2 ...

Page 137: ...ormance can be reduced and duplicate alarms can be generated we recommend that you do not run Cisco IOS IDS and Cisco IPS 5 0 simultaneously NM CIDS supports the following feature sets IOS IP FW IDS IOS IP FW IDS PLUS IPSEC 56 IOS IP FW IDS PLUS IPSEC 3DES IOS IP IPX AT DEC FW IDS PLUS IOS ENTERPRISE FW IDS PLUS IPSEC 56 IOS ENTERPRISE FW IDS PLUS IPSEC 3DES IOS Advanced Security IOS Advanced IP I...

Page 138: ...ovides console access from router side Console access to the module from the router External FE interface which provides a command and control interface Figure 8 1 shows the hardware architecture of NM CIDS Figure 8 1 NM CIDS Hardware Architecture Table 8 3 Hardware Requirements Feature Description Processor 500 Mhz Intel Mobile Pentium III Default SDRAM 512 MB Maximum DSRAM 512 MB Internal disk s...

Page 139: ... access to IDS Caution We recommend that you assign a loopback address on the monitoring interface otherwise if the IP address is advertised through routing updates the monitoring interface can become vulnerable to attacks For the procedure for assigning the IP address to gain access to the console and for setting up a loopback address refer to Configuring Cisco IDS Interfaces on the Router NM CID...

Page 140: ...series routers support only one NM CIDS per chassis Caution Unlike other network modules NM CIDS uses a hard disk drive Online removal of hard disk drives without proper shutdown can result in file system corruption and might render the hard disk drive unusable The operating system on NM CIDS must be shut down in an orderly fashion before it is removed This section contains the following topics Re...

Page 141: ...uding telephone cables from the back panel The following warning applies to routers that use a DC power supply Warning Before performing any of the following procedures ensure that power is removed from the DC circuit To ensure that all power is OFF locate the circuit breaker on the panel board that services the DC circuit switch the circuit breaker to the OFF position and tape the switch handle o...

Page 142: ... up and that the Active Ready indicators on the front panel also light up Step 10 Initialize NM CIDS For the procedure see Initializing the Sensor page 9 2 Step 11 Upgrade NM CIDS to the most recent Cisco software For the procedure see Obtaining Cisco IPS Software page 10 1 You are now ready to configure intrusion detection on NM CIDS For More Information For the procedure for using HTTPS to log i...

Page 143: ...he command and control port to a hub or switch Step 5 Verify that NM CIDS indicators light up and that the Active Ready indicators on the front panel also light up Step 6 Initialize NM CIDS For the procedure see Initializing the Sensor page 9 2 18031 VCC OK SYSTEM FDX LINK 100Mbps FDX 1 0 LINK 100Mbps ETH 0 ETH 3 ETHERNET 4E ETH 2 ETH 1 1 2 3 ACT LINK 0 VOICE 2V V0 V1 EN HIGH SPEED SERIAL 1HSSI H ...

Page 144: ...on System Sensor Using the Command Line Interface 5 0 Removing NM CIDS This section describes how to remove NM CIDS offline or using OIR support and contains the following topics Removing NM CIDS Offline page 8 9 Removing NM CIDS Using OIR Support page 8 10 Removing NM CIDS Offline You must turn off all power to the router before removing NM CIDS To remove NM CIDS from the router chassis follow th...

Page 145: ...60 and Cisco 3700 series routers support OIR with similar modules only If you remove an NM CIDS install another NM CIDS in its place To remove NM CIDS with OIR support follow these steps Step 1 Prepare NM CIDS to be powered off router service module IDS Sensor slot_number 0 shutdown Trying 10 10 10 1 2129 Open Wait for the shutdown message before continuing with Step 2 SERVICEMODULE 5 SHUTDOWN2 Se...

Page 146: ... Module Panels page 8 11 Blank Network Module Panels If the router is not fully configured with network modules make sure that blank panels fill the unoccupied chassis slots to provide proper airflow as shown in Figure 8 3 Figure 8 3 Blank Network Module Panel 18031 VCC OK SYSTEM FDX LINK 100Mbps FDX 1 0 LINK 100Mbps ETH 0 ETH 3 ETHERNET 4E ETH 2 ETH 1 1 2 3 ACT LINK 0 VOICE 2V V0 V1 EN HIGH SPEED...

Page 147: ...command an interactive dialog called the System Configuration Dialog appears on the system console screen The System Configuration Dialog guides you through the configuration process The values shown in brackets next to each prompt are the current values You must go through the entire System Configuration Dialog until you come to the option that you want to change To accept default settings for it...

Page 148: ...unt with administrator privileges Log in to the appliance by using a serial connection or with a monitor and keyboard Note You cannot use a monitor and keyboard with IDS 4215 IPS 4240 or IPS 4255 Session to IDSM 2 For Catalyst software cat6k enable cat6k enable session module_number For Cisco IOS software router session slot slot_number processor 1 Session to NM CIDS router service module IDS Sens...

Page 149: ...e brackets Current Configuration service host network settings host ip 10 1 9 201 24 10 1 9 1 host name sensor telnet option disabled ftp timeout 300 login banner text exit time zone settings offset 0 standard time zone name UTC exit summertime option disabled ntp option disabled exit service web server port 443 exit Current time Wed May 5 10 25 35 2004 Step 4 Press the spacebar to get to the foll...

Page 150: ...10 Type yes to modify the network access list a If you want to delete an entry type the number of the entry and press Enter or press Enter to get to the Permit line b Type the IP address and netmask of the network you want to add to the access list The IP interface is in the form of IP Address Netmask Gateway X X X X nn Y Y Y Y where X X X X specifies the sensor IP address as a 32 bit address writ...

Page 151: ...and a stop time of 2 a m on the fourth Sunday in October The default summertime offset is 60 minutes h Specify the month you want summertime settings to end Valid entries are january february march april may june july august september october november and december The default is october i Specify the week you want the summertime settings to end Valid entries are first second third fourth fifth and...

Page 152: ...first interface in the inline pair interface1 d Type the name of the second interface in the inline pair interface2 Your configuration appears with the following options 0 Go to the command prompt without saving this config 1 Return back to the setup without saving this config 2 Save this configuration and exit setup Step 16 Type 2 to save the configuration Enter your selection 2 2 Configuration S...

Page 153: ...rusion prevention on your sensor refer to the following documents Installing and Using Cisco Intrusion Prevention System Device Manager 5 0 Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5 0 Verifying Initialization After you have run the setup command you should verify that your sensor has been initialized correctly To verify that you initialized your se...

Page 154: ...first day of week sunday exit exit service interface physical interfaces GigabitEthernet0 1 description Something alt tcp reset interface none exit bypass mode off interface notifications missed percentage threshold 2 exit exit exit exit exit sensor Note You can also use the more current config command to view your configuration Step 3 Display the self signed X 509 certificate needed by TLS sensor...

Page 155: ...ignature engine updates system and recovery files firmware upgrades and readmes on the Download Software download site on Cisco com Note You must be logged in to Cisco com to download software Signature updates are posted to Cisco com approximately every week more often if needed Service packs are posted to Cisco com as needed Major and minor updates are also posted periodically You must have an a...

Page 156: ...e from Cisco com you must fill in the Encryption Software Export Distribution Authorization form before you can download the software Fill out the form and click Submit The Cisco Systems Inc Encryption Software Usage Handling and Distribution Policy appears Read the policy and click I Accept The Encryption Software Export Distribution Form appears If you previously filled out the Encryption Softwa...

Page 157: ...ates plus any new changes Major upgrade 5 0 1 requires 4 1 Note The 5 0 1 major upgrade is only used to upgrade 4 1 sensors to 5 0 1 If you are reinstalling 5 0 1 on a sensor that already has 5 0 1 installed use the system image or recovery procedures rather than the major upgrade A minor version upgrade is incremental to the major version Minor version upgrades are also base versions for service ...

Page 158: ...NM CIDS IDSM 2 AIP SSM 10 and AIP SSM 20 Full IPS application and recovery image used for reimaging an entire sensor Recovery partition image file A recovery partition image file is a partition on the sensor that contains a full IPS application image to be used for recovery Maintenance partition image file IDSM 2 only A maintenance partition image file is used to reimage the maintenance partition ...

Page 159: ...ignatures 2 Service packs include defect fixes 3 Minor versions include new features and or functionality for example signature engines 4 Major versions include new functionality or new architecture 5 Patch releases are for interim fixes 6 The r 1 1 can be revised to r 1 2 if it is necessary to release a new recovery package that contains the same underlying application image If there are defect f...

Page 160: ...the maintenance partition For the procedure refer to Installing the IDSM 2 System Image For AIP SSM reimage from ASA using the hw module module 1 recover configure boot command For the procedure refer to Installing the AIP SSM System Image Caution When you install the system image for your sensor all accounts are removed and the default account and password are reset to cisco Obtaining a License K...

Page 161: ...NOTICE There is no license key installed on the system The system will continue to operate with the currently installed signature set A valid license must be obtained in order to apply signature updates Please go to http www cisco com go license to obtain a new license or install a license You will continue to see this message until you install a license key Service Programs for IPS Products You m...

Page 162: ...5510 and then later wanted to add IPS and purchased an ASA SSM AIP 10 K9 you must now purchase the Cisco Services for IPS service contract After you have the Cisco Services for IPS service contract you must also have your product serial number to apply for the license key For the procedure see Obtaining and Installing the License Key page 10 8 Caution If you ever send your product for RMA the seri...

Page 163: ...ated Step 6 Click OK Step 7 Go to www cisco com go license Step 8 Fill in the required fields Caution You must have the correct IPS device serial number because the license key only functions on the device with that number Your license key will be sent to the e mail address you specified Step 9 Save the license key to a hard disk drive or a network drive that the client running IDM can access Step...

Page 164: ... https username location directory filename Note If you use FTP or SCP you are prompted for a password Note If you use SCP the remote host must be on the SSH known hosts list For the procedure refer to Adding Hosts to the Known Hosts List Note If you use HTTPS the remote host must be a TLS trusted host For the procedure refer to Adding TLS Trusted Hosts To install the license key follow these step...

Page 165: ...ainApp 2005_Feb_18_03 00 Release 2005 02 18T03 13 47 0600 Running AnalysisEngine 2005_Feb_15_03 00 QATest 2005 02 15T12 59 35 0600 Running CLI 2005_Feb_18_03 00 Release 2005 02 18T03 13 47 0600 Upgrade History IDS K9 maj 5 0 1 14 16 00 UTC Thu Mar 04 2004 Recovery Partition Version 1 1 5 0 1 S149 sensor Step 7 Copy your license key from a sensor to a server to keep a backup copy of the license sen...

Page 166: ...t d Choose how many people your organization employs worldwide from the drop down list e Choose your company or organization type from the drop down list Step 11 Click Submit You receive e mail notifications of updates when they occur and instructions on how to obtain them Accessing IPS Documentation You can find IPS documentation at this URL http www cisco com en US products hw vpndevc ps4077 tsd...

Page 167: ...d be aware of the most recent security threats so that you can most effectively secure and manage your network The Cisco Security Center contains the top ten intelligence reports listed by date severity urgency and whether there is a new signature available to deal with the threat The Cisco Security Center contains a Security News section that lists security articles of interest There are related ...

Page 168: ...10 14 Installing Cisco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 Chapter 10 Obtaining Software Cisco Security Center ...

Page 169: ... be active at a time ACLs are identified by number or by name ACLs can be standard enhanced or extended You can configure the sensor to manage ACLs action The sensor s response to an event An action only happens if the event is not filtered Possible actions include TCP reset block host block connection IP logging and capturing the alert trigger packet active ACL The ACL created and maintained by N...

Page 170: ...ress Resolution Protocol Internet protocol used to map an IP address to a MAC address Defined in RFC 826 ASA Adaptive Security Appliance The ASA combines firewall VPN concentrator and intrusion prevention software functionality into one software image You can configure ASA in single mode or multi mode ASDM Adaptive Security Device Manager A web based application that lets you configure and manage ...

Page 171: ... key that is signed with an authoritative private key cidDump A script that captures a large amount of information including the IPS processes list log files OS information directory listings package information and configuration files CIDEE Cisco Intrusion Detection Event Exchange Specifies the extensions to SDEE that are used by Cisco IPS systems The CIDEE standard specifies all possible extensi...

Page 172: ...ver whenever the browser makes additional requests of the web server CTR Cisco Threat Response See Threat Response D Database Processor See DBP datagram Logical grouping of information sent as a network layer unit over a transmission medium without prior establishment of a virtual circuit IP datagrams are the primary information units in the Internet The terms cell frame message packet and segment...

Page 173: ...to alter the appearance of the data making it incomprehensible to those who are not authorized to see the information engine A component of the sensor designed to support many signatures in a certain category Each engine has parameters that can be used to create signatures or tune existing signatures enterprise network Large and diverse network connecting most major points in a company or other or...

Page 174: ... of breaking a packet into smaller units when transmitting over a network medium that cannot support the original size of the packet Fragment Reassembly Processor See FRP FRP Fragment Reassembly Processor Reassembles fragmented IP datagrams It is also responsible for normalization of IP fragments when the sensor is in inline mode FTP File Transfer Protocol Application protocol part of the TCP IP p...

Page 175: ...vice attack that sends a host more ICMP echo request ping packets than the protocol implementation can handle IDAPI Intrusion Detection Application Programming Interface Provides a simple interface between IPS architecture applications IDAPI reads and writes event data and provides a mechanism for control transactions IDCONF Intrusion Detection Configuration A data format standard that defines ope...

Page 176: ...urs when an attacker outside your network pretends to be a trusted user either by using an IP address that is within the range of IP addresses for your network or by using an authorized external IP address that you trust and to which you want to provide access to specified resources on your network Should an attacker get access to your IPSec security parameters that attacker can masquerade as the ...

Page 177: ...n the META engine The META engine takes alerts as input rather than packets META engine Defines events that occur in a related manner within a sliding time interval This engine processes events rather than packets MIB Management Information Base Database of network management information that is used and maintained by a network management protocol such as SNMP or CMIP The value of a MIB object can...

Page 178: ...lement on the command and control network For example an appliance an IDSM 2 or a router NORMALIZER engine Configures how the IP and TCP normalizer functions and provides configuration for signature events related to the IP and TCP normalizer NSDB Network Security Database A database of security information that explains the signatures the IPS uses along with the vulnerabilities on which these sig...

Page 179: ... packet PEP Cisco Product Evolution Program PEP is the UDI information that consists of the PID the VID and the SN of your sensor PEP provides hardware version and serial number visibility through electronic query product labels and shipping items PER packed encoding rules Instead of using a generic style of encoding that encodes all types in a uniform way PER specializes the encoding based on the...

Page 180: ...e or at an intermediate node recovery partition image An IPS image file that includes the full application image and installer used for recovery on sensors RDEP2 Remote Data Exchange Protocol version 2 The published specification for remote data exchange over the command and control network using HTTP and TLS regex See regular expression regular expression A mechanism by which you can define how t...

Page 181: ...event action filter Subtracts actions based on the signature event s signature ID addresses and RR The input to the SEAF is the signature event with actions possibly added by the SEAO SEAH signature event action handler Performs the requested actions The output from SEAH is the actions being performed and possibly an evIdsAlert written to the Event Store SEAO signature event action override Adds a...

Page 182: ...gnature distills network information and compares it against a rule set that indicates typical intrusion activity signature engine A component of the sensor that supports many signatures in a certain category An engine is composed of a parser and an inspector Each engine has a set of legal parameters that have allowable ranges or sets of values signature event action filter See SEAF signature even...

Page 183: ...reams to ensure the arrival order of the packets at the various stream based inspectors It is also responsible for normalization of the TCP stream The normalizer engine lets you enable or disable alert and deny actions SSH Secure Shell A utility that uses strong authentication and secure communications to log in to another computer over a network SSL Secure Socket Layer Encryption technology for t...

Page 184: ...s On the IDS 4250 XL the TCP reset interface is the onboard 10 100 100 TX interface which is normally used on the IDS 4250 TX appliance when the XL card is not present On the IDSM 2 the TCP reset interface is designated as port 1 with Catalyst software and is not visible to the user in Cisco IOS software The TCP reset action is only appropriate as an action selection on those signatures that are a...

Page 185: ...he identities and locations of the source s and destination s and the presence amount frequency and duration of occurrence TRAFFIC ICMP engine Analyzes traffic from nonstandard protocols such as TFN2K LOKI and DDOS Transaction Server A component of the IPS Transaction Source A component of the IPS trap Message sent by an SNMP agent to an NMS a console or a terminal to indicate the occurrence of a ...

Page 186: ...host program be run to make the virus active virus update A signature update specifically addressing viruses VLAN Virtual Local Area Network Group of devices on one or more LANs that are configured using management software so that they can communicate as if they were attached to the same wire when in fact they are located on a number of different LAN segments Because VLANs are based on logical in...

Page 187: ...m a capture file on disk You can interactively browse the capture data viewing summary and detail information for each packet Wireshark has several powerful features including a rich display filter language and the ability to view the reconstructed stream of a TCP session For more information see http www wireshark org worm A computer program that can run independently can propagate a complete wor...

Page 188: ...Glossary GL 20 Installing Cisco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 ...

Page 189: ...ions ACL changes 1 3 IP logs 1 3 multiple packet drop 1 3 TCP reset described 1 2 active update bulletins subscribing 10 11 AIP SSM described 1 11 indicators 6 2 installing 6 3 memory specifications 6 1 models 1 11 removing 6 5 requirements 6 2 show module 1 command 6 4 specifications 6 1 time sources 1 15 verifying status 6 4 appliances ACLs 1 3 described 1 8 four post racks installing appliances...

Page 190: ...oftware 10 1 downloading software updates 10 6 IPS software 10 1 software downloads 10 1 Cisco com account 10 6 Cisco IOS software IDSM 2 enabling full memory tests 7 13 resetting 7 14 Cisco Security Center described 10 13 URL 10 13 Cisco Services for IPS service contract 10 7 supported products 10 7 clear events command 1 16 command and control Ethernet 1 2 commands clear events 1 16 copy license...

Page 191: ... figure 2 2 indicators 2 2 installing 2 5 IDS 4215 4FE card installing 3 22 removing 3 20 accessories 3 4 back panel figure 3 2 indicators 3 2 BIOS upgrade 3 9 chassis cover removing 3 11 replacing 3 13 compact flash device removing 3 17 replacing 3 18 features 3 2 front panel figure 3 2 indicators 3 2 hard disk drive removing 3 15 replacing 3 16 installing 3 7 rack mounting 3 6 ROMMON upgrade 3 9...

Page 192: ...mount installations 4 28 flush mount installations 4 29 unsupported models 1 7 IDSM 2 described 1 12 enabling full memory tests Catalyst software 7 12 Cisco IOS software 7 13 front panel 7 3 hot swapping 7 4 7 8 installing procedure 7 5 required tools 7 4 verifying 7 8 PFC 7 5 powering down Catalyst OS 7 15 powering down Cisco IOS 7 15 powering up Catalyst OS 7 15 powering up Cisco IOS 7 15 removi...

Page 193: ...ries 5 5 back panel figure 5 3 front panel figure 5 2 indicators 5 2 installing 5 7 rack mounting 5 6 specifications 5 4 IPS software available files 10 1 obtaining 10 1 platform dependent release examples 10 5 versioning scheme 10 3 L license key installing 10 10 status 10 7 trial 10 6 licensing described 10 6 IPS device serial number 10 6 Licensing pane configuring 10 8 described 10 6 logging in...

Page 194: ... requirements AIP SSM 6 2 resetting IDSM 2 7 13 RJ 45 cable pinouts 1 22 RJ 45 to DB2 5 cable pinouts 1 23 RJ 45 to DB 9 cable pinouts 1 23 S security information Cisco Security Center 10 13 sensors AIP SSM 1 11 capturing traffic 1 1 comprehensive deployment 1 1 Comprehensive Deployment Solutions figure 1 1 electrical guidelines 1 18 IDS mode 1 1 initializing 9 1 9 2 interface support 1 5 IPS mode...

Page 195: ...dows 3 9 time correcting on the sensor 1 16 time sources AIP SSM 1 15 appliances 1 14 IDSM 2 1 14 NM CIDS 1 15 trial license key 10 6 troubleshooting TCP reset interface 4 6 U understanding time on the sensor 1 14 unsupported sensors 1 7 upgrading 4 1 to 5 0 10 5 minimum required version 10 5 URLs for Cisco Security Center 10 13 using TCP reset interface 1 4 V VLAN access control list see VACLs VA...

Page 196: ...Index IN 8 Installing Cisco Intrusion Prevention System Appliances and Modules 5 0 78 16124 01 ...

Reviews:

No comments

Related manuals for AIP-SSM-10

Recon Sentinel Quick Start Manual preview
Sentinel
Brand: Recon Pages: 2
Lanner electronics FW-6420 User Manual preview
FW-6420
Brand: Lanner electronics Pages: 48
SonicWALL NSA 240 Installation Manual preview
NSA 240
Brand: SonicWALL Pages: 2
SonicWALL CSa 1000 Installation And Replacement preview
CSa 1000
Brand: SonicWALL Pages: 2
SonicWALL NSA 2600 Upgrade Manual preview
NSA 2600
Brand: SonicWALL Pages: 15
SonicWALL SMA 210 Deployment Manual preview
SMA 210
Brand: SonicWALL Pages: 26
SonicWALL 2100 CF Getting Started Manual preview
2100 CF
Brand: SonicWALL Pages: 21
SonicWALL TZ 170 SP Getting Started Manual preview
TZ 170 SP
Brand: SonicWALL Pages: 42
SonicWALL Email Security 7.0 8000 Getting Started Manual preview
Email Security 7.0 8000
Brand: SonicWALL Pages: 32
SonicWALL TZ 180 Recommends Manual preview
TZ 180
Brand: SonicWALL Pages: 44
SonicWALL Email Security 800 Getting Started Manual preview
Email Security 800
Brand: SonicWALL Pages: 40
SonicWALL ESA 5000 Getting Started Manual preview
ESA 5000
Brand: SonicWALL Pages: 41
SonicWALL 1RK40-0DA Safety And Regulatory Reference Manual preview
1RK40-0DA
Brand: SonicWALL Pages: 65
SonicWALL NSA 2400 Getting Started Manual preview
NSA 2400
Brand: SonicWALL Pages: 70
SonicWALL 1RK33-0BB Getting Started Manual preview
1RK33-0BB
Brand: SonicWALL Pages: 68
SonicWALL GX 250 Installation Manual preview
GX 250
Brand: SonicWALL Pages: 88
SonicWALL CDP 6.0 Administrator'S Manual preview
CDP 6.0
Brand: SonicWALL Pages: 272

Brands by name

Popular brands

Load more brands