Manual Cisco Systems IPS4520K9

460 pages 15.63 mb
Download

Go to site of 460

Summary
  • Cisco Systems IPS4520K9 - page 1

    Americas Headquarters Cisco System s, Inc . 170 West Tasm an Drive San Jos e, CA 95 134-1706 USA http://www .cisco .com Tel: 408 526-4000 800 553- NETS ( 6387) Fax: 408 527-0883 Cisco Intrusion P re v ention S ystem Appliance and Modul e Installation Guide f or IPS 7 .1 Text Pa rt Num ber: OL -24002-0 1 ...

  • Cisco Systems IPS4520K9 - page 2

    THE SPECIFICATIONS AND INFORM ATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOU T NOTICE. ALL STATEMENT S, INFORMATI ON, AND RECOMMENDATI ONS IN TH IS MANUAL ARE BELIEVED TO BE ACCURATE BUT A RE PRESEN TED WITHOUT WARRANTY OF ANY KIND, EXPRES S OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRO D ...

  • Cisco Systems IPS4520K9 - page 3

    iii Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 CONTENTS About Th is Guide xv Content s xv Audienc e xv Comply wit h Local and Nation al Elect rical Co des xvi Organi zation xvii Conv enti ons xvii i Relate d Documen tation xviii Obtain ing Docu mentati on and Sub mitting a Servic e Requ ...

  • Cisco Systems IPS4520K9 - page 4

    Cont ent s iv Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Connect ing an Ap pliance to a Termina l Serve r 1-22 Time So urces and t he Senso r 1-23 The Senso r and Ti me Source s 1-23 Synch roniz ing IP S Modu le Syst em Cloc ks with the Pare nt Dev ice Sy stem Clock 1-23 Verif ying the Sen sor ...

  • Cisco Systems IPS4520K9 - page 5

    Content s v Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Hardwa re Bypa ss 4-4 4GE By pass In terf ace Car d 4-5 Hardwa re Bypa ss Co nfigur ation Restr ictions 4-5 Hardwa re Bypa ss an d Link Chan ges and Drops 4-6 Front an d Back Pan el Featu res 4-7 Specif icat ions 4-9 Accesso ries 4- ...

  • Cisco Systems IPS4520K9 - page 6

    Cont ent s vi Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Removing and Replac ing the Chas sis Cover 5-39 Accessi ng the Diag nosti c Panel 5-42 Insta lling an d Removi ng Interf ace Cards 5-43 Insta lling an d Removi ng the Power Su pply 5-45 Insta lling an d Removing Fa ns 5-50 Troubl eshoo t ...

  • Cisco Systems IPS4520K9 - page 7

    Content s vii Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Removing and Insta lling th e Core IPS SSP 7-14 Removing and Insta lling th e Power Su pply Modul e 7-16 Removing and Ins talli ng the Fan Modul e 7-18 Instal ling th e Slid e Rail Kit Hardwar e 7-19 Instal ling an d Removi ng the ...

  • Cisco Systems IPS4520K9 - page 8

    Cont ent s viii Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Insta lling SF P/SFP+ Modules 9-11 Verif ying the St atus of the ASA 5585-X IPS SSP 9-12 Removing and Replac ing the ASA 5585- X IPS S SP 9-13 APPENDI X A Logging In to the Senso r A-1 Content s A-1 Support ed Us er Rol es A-1 Logg ing ...

  • Cisco Systems IPS4520K9 - page 9

    Content s ix Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Underst andi ng Licensi ng C-9 Servic e Pr ograms f or I PS Pro ducts C-9 Obtain ing and Install ing the Li cense Key Using th e IDM or the IME C-10 Obtain ing and Install ing t he License Key Usin g the CLI C-11 Obtai ning a Lic e ...

  • Cisco Systems IPS4520K9 - page 10

    Cont ent s x Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Underst andi ng Prevent ive Maint enance E-2 Creati ng and Usi ng a Backup Config uratio n File E-2 Backin g Up and Rest oring th e Confi gurati on File Usi ng a Remot e Server E-3 Creati ng t he Serv ice Account E-5 Disast er Re covery E ...

  • Cisco Systems IPS4520K9 - page 11

    Content s xi Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Phys ical Conn ectivi ty, SP AN, or VACL Po rt Issue E-29 Unable t o See Alerts E-31 Sens or No t Se eing P acke ts E-32 Cleani ng Up a Corr upte d Sensor App Co nfigur atio n E-34 Blocki ng E-35 Troubl eshoo ting Bl ocking E-35 Ve ...

  • Cisco Systems IPS4520K9 - page 12

    Cont ent s xii Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Failo ver Sce narios E-63 Health and Stat us Informa tion E-64 The ASA 5500- X IPS SSP and the Normal izer Engine E-72 The ASA 5500- X IPS SSP and Memor y Usage E-73 The ASA 5500- X IPS SSP and Jumbo Packe t Frame Siz e E-73 The ASA 550 ...

  • Cisco Systems IPS4520K9 - page 13

    Content s xiii Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 10/100B aseT and 10/100 /1000Bas eT Conne ctors F-1 Consol e Port ( RJ-45) F-2 RJ-45 to DB-9 or DB- 25 F-3 G LOS SAR Y I NDEX ...

  • Cisco Systems IPS4520K9 - page 14

    Cont ent s xiv Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 ...

  • Cisco Systems IPS4520K9 - page 15

    -xv Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 About This Guide Published: March 31, 2010 Revised: May 6, 2013, OL-24002-0 1 Contents This gu ide desc ribes how to install ap pliances a nd m odules that support Cisco IPS 7.1. It includes a glossary tha t contains expanded acronyms and p ...

  • Cisco Systems IPS4520K9 - page 16

    -xvi Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter Contents Comply with Loca l and Nationa l Electrical Cod es War nin g Installation of the equipment must compl y with local and national electrical codes. Statement 107 4 Waarschuwing Bij installati e van de appa ratuur moet worden voldaa ...

  • Cisco Systems IPS4520K9 - page 17

    -xvi i Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter Conten ts Organization This guide includes the f ollo wing sections: Section T itle Description 1 “Introducing the Sensor” Describes I PS appliances and mo dules. 2 “Prepa ring th e App liance fo r Installation” Desc ribe ...

  • Cisco Systems IPS4520K9 - page 18

    -xvi ii Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter Contents Conven tions This document uses the followi ng con ventions: Note Means r e ader ta ke no te . Ti p Means the following information will help you solve a pr oblem . Cautio n Means re a d e r b e c a re f u l . In this situatio ...

  • Cisco Systems IPS4520K9 - page 19

    -xi x Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter Conten ts For a complete list of the Cisco ASA 55 00 series do cu mentation a nd whe re to find it, re fer to the following URL: http://www .cisco.com/en/US/docs/secu rity/asa/roadmap/asaroadmap.html Obtaining Do cumentation an d ...

  • Cisco Systems IPS4520K9 - page 20

    -xx Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter Contents ...

  • Cisco Systems IPS4520K9 - page 21

    CH A P T E R 1-1 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 1 Introducing the Sen sor Contents This cha pter introdu ces the sensor a nd provides inf ormation y ou should k now before you install the sensor . In this guide, the ter m sensor refers to all models unless noted otherwise. F ...

  • Cisco Systems IPS4520K9 - page 22

    1-2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapte r 1 Intr oducing the Sen sor How the Se nsor Functio ns Figur e 1 -1 Compr ehensiv e De ployme nt Solutions The com mand and control interf ace is al ways Eth ernet. This in terfa ce has an assi gned IP address , which allo ws it to communi ...

  • Cisco Systems IPS4520K9 - page 23

    1-3 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 1 Introd ucing the Senso r Ho w the Sens or Functi ons • Generate IP session logs, session re play , an d trigger packets display . IP session logs are use d to gather information ab out unauthor ized us e. IP l og files ar e wri ...

  • Cisco Systems IPS4520K9 - page 24

    1-4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapte r 1 Intr oducing the Sen sor How the Se nsor Functio ns • Filter out kno wn fa lse positi ves c aused by spec ia li zed software, such a s vulnerability scanner and load balancers by one of the following methods: – Y ou can conf igur e ...

  • Cisco Systems IPS4520K9 - page 25

    1-5 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 1 Introd ucing the Senso r Ho w the Sens or Functi ons Ther e are thr ee int erface role s: • Command and co ntrol • Sensing • Alternate TCP rese t There ar e restrictions on w hich roles you ca n assign to specific interface ...

  • Cisco Systems IPS4520K9 - page 26

    1-6 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapte r 1 Intr oducing the Sen sor How the Se nsor Functio ns Sensing Interfaces Sensing inter faces are used by the sensor to analy ze traff ic for secu rity violations. A se nsor has one or more se nsing interface s depending on the se nsor . S ...

  • Cisco Systems IPS4520K9 - page 27

    1-7 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 1 Introd ucing the Senso r Ho w the Sens or Functi ons ASA 5500 AIP SSM -40 — GigabitEthern et 0/1 by security context instead of VLAN pair or inline interface pair GigabitEthernet 0/1 b y security context instea d of VLAN pair or ...

  • Cisco Systems IPS4520K9 - page 28

    1-8 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapte r 1 Intr oducing the Sen sor How the Se nsor Functio ns IPS 4255 — GigabitEthernet 0/0 GigabitEthernet 0/1 GigabitEthernet 0/2 GigabitEthernet 0/3 0/0<->0/1 0/0<->0/2 0/0<->0/3 0/1<->0/2 0/1<->0/3 0/2<-> ...

  • Cisco Systems IPS4520K9 - page 29

    1-9 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 1 Introd ucing the Senso r Ho w the Sens or Functi ons IPS 4270 -20 2SX Slot 1 Slot 2 GigabitEthernet 3/0 GigabitEthernet 3/1 GigabitEthernet 4/0 GigabitEthernet 4/1 All sensing p orts can be paired together Manageme nt 0/0 Manageme ...

  • Cisco Systems IPS4520K9 - page 30

    1-10 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapte r 1 Intr oducing the Sen sor How the Se nsor Functio ns Note The IPS 4260 supports a mixture of 4GE- BP , 2SX, and 10GE car ds. Th e IPS 4270-20 suppor ts a mixture of 4GE-BP , 2SX, and 10GE cards up to a total of either six card s, or six ...

  • Cisco Systems IPS4520K9 - page 31

    1-11 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 1 Introd ucing the Senso r Ho w the Sens or Functi ons TCP Reset Interfaces This section explains the T CP reset interf aces and wh en to use them. It contains the following topics: • Understandin g Alterna te TC P Reset In terfa ...

  • Cisco Systems IPS4520K9 - page 32

    1-12 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapte r 1 Intr oducing the Sen sor How the Se nsor Functio ns Designati ng the Alte rnate TCP Reset Interf ace Note There is only one sensing interface on the A SA IPS modules (ASA 5500 AI P SSM, ASA 5500-X IPS SSP, and ASA 5585-X I PS SSP), so ...

  • Cisco Systems IPS4520K9 - page 33

    1-13 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 1 Introd ucing the Senso r Ho w the Sens or Functi ons – For Gigabit copper interfa ces (1000-TX on the IPS 4240, IPS 4255, IPS 4260, IPS 4270-20,, IPS 4345, IPS 436 0, IPS 4510, and IPS 452 0), valid speed settings are 10 Mbps, ...

  • Cisco Systems IPS4520K9 - page 34

    1-14 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapte r 1 Intr oducing the Sen sor How the Se nsor Functio ns – The comman d and contr ol int erface canno t se rv e as the altern ate TCP reset interface fo r a sensing interface. – A sensing interface cannot serve as its ow n altern ate TC ...

  • Cisco Systems IPS4520K9 - page 35

    1-15 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 1 Introd ucing the Senso r Ho w the Sens or Functi ons • VLAN Gro up Mode, page 1 -18 • Deploying VLAN Groups, pa ge 1-18 Promiscuous M ode In promisc uous mod e, pac kets do not f low through the sensor . The sensor a nalyzes ...

  • Cisco Systems IPS4520K9 - page 36

    1-16 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapte r 1 Intr oducing the Sen sor How the Se nsor Functio ns The following configuration uses on e SP AN session to send all of the traf f ic on any of the specified VLANs to all of the specif ied ports. Each port c onfiguration on ly allows a ...

  • Cisco Systems IPS4520K9 - page 37

    1-17 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 1 Introd ucing the Senso r Ho w the Sens or Functi ons Figure 1-3 illustrates inline interface pair mode: Figur e 1 -3 Inline Int erf ace Pa ir Mode Inline VLAN Pair Mode Note The ASA IPS modules (,ASA 5500 AIP SSM, ASA 5500-X IPS ...

  • Cisco Systems IPS4520K9 - page 38

    1-18 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapte r 1 Intr oducing the Sen sor How the Se nsor Functio ns VLAN Group Mode Note The ASA IPS modules (ASA 5 500 AIP SSM, ASA 5500-X IPS SSP, and ASA 5585-X IPS SSP) do not support VLAN g roups mod e. Y ou c an divide each physical in terface o ...

  • Cisco Systems IPS4520K9 - page 39

    1-19 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 1 Introd ucing the Senso r Supp orted Sens ors Y ou ca n also connect applia nces between two switch es. There are two v ariations. In the first v ariatio n, the tw o port s are co nf igured as ac cess po rts, so the y carr y a sin ...

  • Cisco Systems IPS4520K9 - page 40

    1-20 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapte r 1 Intr oducing the Sen sor IPS Appliances For More Informatio n For instructions on how to obtain th e most recent Cisco IPS software, see Obtaining Cisco IPS Software, page C-1 . IPS Appliances This section de scribes the Cisco applian ...

  • Cisco Systems IPS4520K9 - page 41

    1-21 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 1 Introd ucing the Senso r IPS Appliances Introducing th e IPS Applian ce Note The cur rently supported Cisco IPS app liances ar e the IPS 42 40, IPS 4255 , and IPS 42 60 [IPS 7.0(x) and later an d IPS 7.1(5) and late r], IPS 4 270 ...

  • Cisco Systems IPS4520K9 - page 42

    1-22 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapte r 1 Intr oducing the Sen sor IPS Appliances Appliance R estric tions The following restrictions ap ply to u sing an d operatin g the ap pliance: • The applian ce is not a general purp ose workstation. • Cisco System s prohibits using t ...

  • Cisco Systems IPS4520K9 - page 43

    1-23 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 1 Introd ucing the Senso r Time Sour ces and the Sensor Time Sources and the Senso r This section explains the importanc e of having a re liable time sour ce for the sensor s and ho w to correc t the time if there is an error . It ...

  • Cisco Systems IPS4520K9 - page 44

    1-24 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapte r 1 Intr oducing the Sen sor Time Sources and the Sensor Verifying the Sensor is Synchr onized with the NTP Server In the Cisco IPS, you can not apply an incorre ct NTP configuration, such as an in v alid NTP key v alue or ID, to the sen s ...

  • Cisco Systems IPS4520K9 - page 45

    1-25 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 1 Introd ucing the Senso r Time Sour ces and the Sensor T o ensure the inte grity o f the time sta mp on the ev ent records, you must clear the ev ent arch i ve of th e older ev ents by using the clear event s command . Note Y ou c ...

  • Cisco Systems IPS4520K9 - page 46

    1-26 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapte r 1 Intr oducing the Sen sor Time Sources and the Sensor ...

  • Cisco Systems IPS4520K9 - page 47

    CH A P T E R 2-1 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 2 Preparing th e Appliance for Installatio n Thi s chapte r des cribe s the st eps to f ollo w before i nstal ling ne w ha rdwar e or pe rfor ming ha rdw are upgrade s, and includes the follo wing sections: • Installation Pre ...

  • Cisco Systems IPS4520K9 - page 48

    2-2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 2 P reparing the Appliance for Installation Safety Recommen dations For More Informatio n • For ESD guidelines, see Electricity Safety Guidelines , page 2-2 . • For the pr ocedure f or wor king in an ESD en vironment, see W orking in a ...

  • Cisco Systems IPS4520K9 - page 49

    2-3 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 2 Preparing the Ap pliance for Inst allation Safety R ecommen dations Foll ow these guidelines when working on equipm ent po were d b y electric ity: • Before beginning proc edures that requir e access to the in ter ior of th e ch ...

  • Cisco Systems IPS4520K9 - page 50

    2-4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 2 P reparing the Appliance for Installation Safety Recommen dations Working in an ES D Environment W o rk on ESD-se nsiti ve parts only at an a pproved static -safe station on a ground ed static dissipativ e work surf ace, for e xam ple, a ...

  • Cisco Systems IPS4520K9 - page 51

    2-5 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 2 Preparing the Ap pliance for Inst allation General Site Req uireme nts General Site Requirements This se ction describe s the re quirement s your site must me et for safe insta llation and o peration o f your IPS appliance. This s ...

  • Cisco Systems IPS4520K9 - page 52

    2-6 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 2 P reparing the Appliance for Installation General Site Requirements Power Supply Consid erations The IPS 427 0-20 ha s an A C power supply . Th e IPS 4345, IPS 4360, IPS 4 510, and IPS 4 520 have either an AC or DC power suppl y . Follo ...

  • Cisco Systems IPS4520K9 - page 53

    CH A P T E R 3-1 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 3 Installing the IP S 4240 and IPS 425 5 Contents This c hapter desc ribes the IPS 4240 and IP S 4255, a nd contai ns the fo llowing sections: • Installation Notes and Cav eats, page 3-1 • Product Overview , page 3 -2 • F ...

  • Cisco Systems IPS4520K9 - page 54

    3-2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Product Overv iew Note The illustration s in this chapter sho w the Cisco IPS 4 240 appliance sen sor . Th e IPS 4240 and the IPS 4255 look id e nt ic a l w it h th e s a me fr o nt and back p anel fe ...

  • Cisco Systems IPS4520K9 - page 55

    3-3 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Front and Back Pa nel Featu res Front and Back Pan el Features Note Although the graphics sho ws the IP S 42 40, the IPS 425 5 has the s ame front a nd back panel f eatures and indicators. This ...

  • Cisco Systems IPS4520K9 - page 56

    3-4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Specifications Figure 3-3 sh o ws the four built-in Ethernet ports, which have tw o indicators per por t. Figur e 3-3 Ether net P ort In dicato rs Ta b l e 3 - 2 lists the back panel indicators. Speci ...

  • Cisco Systems IPS4520K9 - page 57

    3-5 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Connecting the IPS 4240 to a Cisco 7200 Series R outer Connecting the IPS 4240 to a Cisco 7200 Se ries Router When an IPS 42 40 is con nected d irectly to a 7200 series r outer an d both th e I ...

  • Cisco Systems IPS4520K9 - page 58

    3-6 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Rack Mounting The IPS 4240 a nd IPS 42 55 acc essories kit contains the following: • DB25 conn ector • DB9 conne ctor • Rack moun ting kit—screws, wash ers, and me tal bracket • RJ45 cons ol ...

  • Cisco Systems IPS4520K9 - page 59

    3-7 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Installing the IPS 4240 and IPS 4255 Step 2 Use the supplied screws to attac h th e appli ance to the equip ment rack. Step 3 T o remov e the appl iance fr om the rack , remo v e the scre ws th ...

  • Cisco Systems IPS4520K9 - page 60

    3-8 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Installing the IPS 4240 and IPS 4255 T o in stall the IPS 4 240 and IPS 425 5 on the network, follo w these steps: Step 1 Position the appliance on the network. Step 2 Attach the grounding lu g to the ...

  • Cisco Systems IPS4520K9 - page 61

    3-9 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Installing the IPS 4240 and IPS 4255 Step 6 Connect the RJ- 45 connecto r to the console port and conn ect the other end to the DB-9 o r DB-25 connec tor on your co mputer . Step 7 Attach the n ...

  • Cisco Systems IPS4520K9 - page 62

    3-10 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Insta lli ng the I PS 42 40-DC For More Informatio n • For more information on working with electr ical po wer and in an ESD en vi ronment , see Safety Recomm endation s, page 2-2 . • For the pro ...

  • Cisco Systems IPS4520K9 - page 63

    3-11 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Installing the IPS 4240-DC T o install the IPS 4240-DC, follow these steps: Step 1 Position the IPS 4240-DC on the n etwork. Step 2 Attach the grounding lu g to the sid e of the a ppliance. No ...

  • Cisco Systems IPS4520K9 - page 64

    3-12 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Insta lli ng the I PS 42 40-DC Step 9 Insert the g round wire into the co nnector for the ea rth gr ound and tighten the screw on the connec tor . Using the sa me method as for the ground wire , conn ...

  • Cisco Systems IPS4520K9 - page 65

    3-13 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Installing the IPS 4240-DC For More Informatio n • DC power gui delin es are l isted in Re gulatory Comp liance and Safety Information for the Cisco Intrusion Prevention System 4200 Ser ies ...

  • Cisco Systems IPS4520K9 - page 66

    3-14 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 3 Installing the IPS 4240 and IPS 4255 Insta lli ng the I PS 42 40-DC ...

  • Cisco Systems IPS4520K9 - page 67

    CH A P T E R 4-1 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 4 Installing the IP S 4260 Contents This c hapter d escribes IPS 4260, and contains the following sections: • Installation Notes and Cav eats, page 4-1 • Product Overview , page 4 -2 • Supported Inte rface Cards, page 4 - ...

  • Cisco Systems IPS4520K9 - page 68

    4-2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Product Overv iew Note In IPS 7.1, rx/tx flow control is disab led on the IPS 4260. T his is a chang e from IPS 7.0 whe re rx/tx flow control is enabled by d efault. Cautio n The BIOS on IPS 4260 is specific to IP ...

  • Cisco Systems IPS4520K9 - page 69

    4-3 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Suppo rted Int erf ace Cards • For more info rmation on installing and r emoving the power supply , se e Installing and R emoving the Po wer Supply , page 4-23 . Supported Interfac e Cards The IPS 4260 su ...

  • Cisco Systems IPS4520K9 - page 70

    4-4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Hardwa re Bypa ss Figure 4-2 shows the 2SX in terfa ce card. Figu re 4-2 2SX I nterface Card 10GE I nterfa ce Card The 1 0GE interface card (p art numbe rs IPS-2X10 GE-SR -INT an d IPS-2X10 GE-SR -INT=) pr ovides ...

  • Cisco Systems IPS4520K9 - page 71

    4-5 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Hardware By pass 4GE Bypa ss Inte rface C ard The IPS 4 260 supp orts the 4-port Giga bitEthernet card ( part number I PS-4GE-BP-IN T=) with hardware bypass. This 4 GE bypass in terface ca rd suppor ts hard ...

  • Cisco Systems IPS4520K9 - page 72

    4-6 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Hardwa re Bypa ss The fo llowing configuration restri ctions apply to hardware bypass: • The 4-por t bypass card is only supported on the IPS 4260. • Fail-open hardware by pass on ly works on inline interfaces ...

  • Cisco Systems IPS4520K9 - page 73

    4-7 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Front and Back Pa nel Featu res Front and Back Pan el Features This section describe s the IPS 4260 f ront and ba ck panel features a nd indicators. Figur e 4-4 shows the front view of IPS 4260. Figur e 4-4 ...

  • Cisco Systems IPS4520K9 - page 74

    4-8 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Front and B ack Panel Fe atures Figure 4-5 sh ows the back view of the I PS 4260. Figur e 4-5 IPS 4260 Ba ck P anel Fea tur es Figure 4-6 sh o ws the two built-in Ethernet ports, which hav e two indicators per por ...

  • Cisco Systems IPS4520K9 - page 75

    4-9 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Specifi cations Ta b l e 4 - 3 lists the po wer supply indicator . Specificati ons Ta b l e 4 - 4 lists the specif ications for the IPS 4260. T able 4-3 Po w er Supply Indicat ors Color Desc ription Off No ...

  • Cisco Systems IPS4520K9 - page 76

    4-10 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Accesso ries Accessories War nin g IMPO RT ANT SAFETY INSTRUC TIONS This warning symbol means dang er . Y ou are in a sit uation that could cause bodily injury . Before you work on any equipment, be awa re of the ...

  • Cisco Systems IPS4520K9 - page 77

    4-11 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Rack Mo unting Installing the IPS 4260 in a 4-Post Rack T o ra ck mount the IPS 426 0 in a 4-post rack, follow these steps: Step 1 Attach eac h inner r ail to each si de of the chassi s with three 8-3 2x1/ ...

  • Cisco Systems IPS4520K9 - page 78

    4-12 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Rack Mounting Step 2 Attach the front-tab mounting bracket to the chassis with two 8-32x1/4’ SEMS scre ws. Y ou can flip the bracket to push the system forward in the rack. Step 3 Using the four inner studs, in ...

  • Cisco Systems IPS4520K9 - page 79

    4-13 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Rack Mo unting Step 4 Install the two outer rail subassemblies in the rack using eigh t 10-32x1/2” SEM S screws. Y ou can use four bar nuts if nec essary . Adjust the mounting brackets based on ra ck dep ...

  • Cisco Systems IPS4520K9 - page 80

    4-14 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Rack Mounting Installing the IPS 4260 in a 2-Post Rack T o rack mount the IPS 426 0 in a 2-post rack, follow these steps: Step 1 Attach the i nner rai l to each s ide of the chassi s with three 8 -32x1/ 4” SEMS ...

  • Cisco Systems IPS4520K9 - page 81

    4-15 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Rack Mo unting Step 3 Install the two outer rail subassemblies in the rack using twelve 10-32x1/2” SEMS screws or whatev er rack h ardwa re is n ecessa ry . A djust th e mou n ting brac kets based on the ...

  • Cisco Systems IPS4520K9 - page 82

    4-16 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Installing the IPS 4260 Step 5 Install four 8-32x7/16” SEMS screws through the clearance slots in the side of e ach outer rail a ssembly into the inner rail . Installing the IPS 4260 War nin g Only trained and ...

  • Cisco Systems IPS4520K9 - page 83

    4-17 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Installing th e IPS 4260 T o install the IPS 4260 on the network, follo w these steps: Step 1 Position the IPS 4260 on the network . Step 2 Attach the grounding lu gs to the b ack of the IPS 42 60. Note Us ...

  • Cisco Systems IPS4520K9 - page 84

    4-18 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Installing the IPS 4260 Step 6 Connect the RJ- 45 connecto r to the console port and conn ect the other end to the DB-9 o r DB-25 connec tor on your co mputer . Step 7 Attach the net wor k cabl es. The IPS 4260 h ...

  • Cisco Systems IPS4520K9 - page 85

    4-19 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Removing and Repl acing th e Chassis Co ver Step 9 Initialize the IPS 4260. Step 10 Upgrad e the IPS 426 0 with the most re cent Cisco IPS s oftware. Y ou a re no w ready to configure intrusion prev ention ...

  • Cisco Systems IPS4520K9 - page 86

    4-20 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Removing an d Replacing the Chassis Cover Cautio n Follo w proper safe ty procedures w hen removing and replacin g the chassis cover b y reading the safety warnings in Regulatory Compliance and Safe ty Informatio ...

  • Cisco Systems IPS4520K9 - page 87

    4-21 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Instal ling and Removin g Interf ace Ca rds Step 11 Power on the IPS 4260. For More Informatio n • For the ID M p rocedure for r esetting the IP S 42 60, ref er to Rebooting the Sensor ; for the IME proc ...

  • Cisco Systems IPS4520K9 - page 88

    4-22 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Installing and Rem oving Interfa ce Cards Step 8 Remo ve the c ard car rier b y p ulling u p on th e tw o bl ue rele ase tab s. Use equal pressu re and lift the car d carri er o ut of t he ch assi s. Step 9 W ith ...

  • Cisco Systems IPS4520K9 - page 89

    4-23 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Installing and Rem oving the Power Supply For More Informatio n • For the pr ocedure for at taching po wer co rds an d cables to the I PS 4260, see Installing the IPS 4260, page 4-16 . • For a n illust ...

  • Cisco Systems IPS4520K9 - page 90

    4-24 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Installing and Rem oving the Power Supply Step 5 Squeeze the tabs to remov e the filler plate. Step 6 Install the po wer supply . Step 7 T o re mov e the power supply , push down the green tab and pull out the po ...

  • Cisco Systems IPS4520K9 - page 91

    4-25 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Installing and Rem oving the Power Supply For More Informatio n For the IDM pro cedure for resetting the IPS 4260, r efer to R ebooting the Sensor ; for the IME proced ure, refer t o Rebooting the Sensor . ...

  • Cisco Systems IPS4520K9 - page 92

    4-26 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 4 Installing the IPS 4260 Installing and Rem oving the Power Supply ...

  • Cisco Systems IPS4520K9 - page 93

    CH A P T E R 5-1 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 5 Installing the IPS 427 0-20 Contents This chap ter de scribe s the IPS 4270- 20 , and incl udes the follo wing sections : • Installation Notes and Cav eats, page 5-1 • Product Overview , page 5 -2 • Supported Inte rface ...

  • Cisco Systems IPS4520K9 - page 94

    5-2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Product Overv iew War nin g This product relies on the buildi ng’ s installation fo r short-circuit (overcurrent) protection. Ensure t hat the protective device is rated not greater than 120 V AC, 20 A U.S. ( ...

  • Cisco Systems IPS4520K9 - page 95

    5-3 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Product Ove rview Media -rich en vironm ents a re ch aracter ized by c ontent , such a s that seen on po pular websites with video and f ile transfer . Tr ansact ional e n vironments are chara cteriz ed ...

  • Cisco Systems IPS4520K9 - page 96

    5-4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Supported Inte rface Cards • For more information on the 4GE b ypass interface card, see Har dwa re B ypas s, pa ge 5 -5 . • For more information about the power supplies, see Installing and Removing the Po ...

  • Cisco Systems IPS4520K9 - page 97

    5-5 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Hardware By pass Figure 5-3 shows the 2SX in terfa ce card. Figu re 5-3 2SX In terf ace Card 10GE I nterfa ce Card The 1 0GE interface card (p art numbe rs IPS-2X10 GE-SR -INT an d IPS-2X10 GE-SR -INT=) ...

  • Cisco Systems IPS4520K9 - page 98

    5-6 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Hardwa re Bypa ss 4GE Bypa ss Inte rface C ard The IPS 4270-2 0 supports th e 4-p ort GigabitEth ernet car d (part num ber IPS-4GE -BP-INT=) with hardware bypass. This 4GE bypass interface car d supports har dw ...

  • Cisco Systems IPS4520K9 - page 99

    5-7 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Hardware By pass The fo llowing configuration restr ictions apply to hardwa re bypass: • The 4-por t bypass card is only supported on the IPS 4270- 20. • Fail-open hardware by pass on ly works on inl ...

  • Cisco Systems IPS4520K9 - page 100

    5-8 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Front and B ack Panel Fe atures Front and Back Pan el Features This se ction describe s the IPS 4270-2 0 front a nd back panel features, indicators, and internal comp onents. Figure 5- 5 shows the fro nt view o ...

  • Cisco Systems IPS4520K9 - page 101

    5-9 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Front and Back Pa nel Featu res Ta b l e 5 - 1 describes the front panel switc hes and indicators on the IPS 4270-20. T able 5-1 Fr ont P anel Switc hes and In dicat ors Indicator D escription UID swit c ...

  • Cisco Systems IPS4520K9 - page 102

    5-10 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Front and B ack Panel Fe atures Figure 5-7 sh ows the back view of the I PS 4270- 20. Figur e 5-7 IPS 4270-2 0 Bac k P anel Feat ur es 1 1 2 3 4 5 6 7 8 9 PCI-E x4 PCI-E x8 PCI-E x4 PCI-E x8 PCI-E x4 PCI-X 100 ...

  • Cisco Systems IPS4520K9 - page 103

    5-11 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Front and Back Pa nel Featu res Figure 5-8 shows the b uilt-in Ethernet port, which has tw o indicators per por t, and the po wer supply indicators. Figur e 5-8 Ether net P ort In dicato rs Ta b l e 5 - ...

  • Cisco Systems IPS4520K9 - page 104

    5-12 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Front and B ack Panel Fe atures Off Flashing • AC p ow e r p r e s e n t • Standby mode Off On Normal T able 5-3 Po w er Supply Indicat ors (co ntinued) Fail Indica tor 1 Amber Power Indicator 2 Green Desc ...

  • Cisco Systems IPS4520K9 - page 105

    5-13 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Front and Back Pa nel Featu res Figure 5-9 sh ows the internal comp onents. Figur e 5-9 IPS 4270-2 0 Inter nal Components 250249 Cooling fa ns Sensing interf ace e xpansion slots Po w e r supply Po w e ...

  • Cisco Systems IPS4520K9 - page 106

    5-14 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Diagnos tic Panel Diagnostic Pan el The front pan el health indicators only indicate the current hardw are statu s. The Diagn ostic P anel indica tors iden tify com ponents e xpe riencin g an error , e ven t, ...

  • Cisco Systems IPS4520K9 - page 107

    5-15 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Specifi cations For More Informatio n • For the location of the Diagnostic Pa nel in the IPS 42 70-20 ch assis, see Figure 5-9 on pa ge 5-13 . • For inf ormation on ho w to access t he Diagnostic P ...

  • Cisco Systems IPS4520K9 - page 108

    5-16 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Accesso ries Accessories The IPS 427 0-20 accessori es kit contains the following: • DB-9 c onnector • DB-9/R J-45 conso le ca ble • T wo E thern et RJ-45 cables • Re gulatory Complian ce and Safety In ...

  • Cisco Systems IPS4520K9 - page 109

    5-17 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit No tools are requ ired fo r the round - and squa re-h ole rack s. Y ou may need scre ws tha t f it the threa ded-hol e rack and a driv er fo r those sc rews.Y ou need a st ...

  • Cisco Systems IPS4520K9 - page 110

    5-18 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail Sys tem Kit Installing the IPS 4 270-20 in the Rack War nin g This procedure requires two or more people to position the IPS 4270-20 on the slide assemblies before pushing it in to the rack ...

  • Cisco Systems IPS4520K9 - page 111

    5-19 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Step 3 T o remove the chassis side rail, l ift the latch, and slide the rail forward. 1 2345678 Cisco IPS 4270 SERIES Intrusion Prevention Sensor U I D S Y S T E M P W R S ...

  • Cisco Systems IPS4520K9 - page 112

    5-20 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail Sys tem Kit Step 4 If you a re installing the IPS 4270- 20 in a sha llo w rack, one that is less than 28.5 in . (72.39 cm), rem ov e the scre w f rom the insi de of the slide as sembly be f ...

  • Cisco Systems IPS4520K9 - page 113

    5-21 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Step 5 Attach the sl ide assemblies to the rack. For round- and squ are-hole rac ks: a. Line up the stud s on the slide assembly with the hole s on th e insi de of the r a ...

  • Cisco Systems IPS4520K9 - page 114

    5-22 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail Sys tem Kit For threade d-hole ra cks: a. Remove the eight round- or square -hole studs on each slide a ssembly using a s tandar d scre wd ri v er . Note Y ou ma y need a pair of pliers to ...

  • Cisco Systems IPS4520K9 - page 115

    5-23 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit b. Line up the brack et on the slide assembly with th e rack holes, install two screws (top and bottom) on ea ch end of t he slide asse mbly . c. Repeat f or ea ch slide a ...

  • Cisco Systems IPS4520K9 - page 116

    5-24 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail Sys tem Kit Step 6 Extend the slide a ssemblies out of the rack. 250211 ...

  • Cisco Systems IPS4520K9 - page 117

    5-25 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Step 7 Align the chassis side rails on the IPS 4270-20 with the slide assembly on both sides of the rack, release the blue slide tab (by either pulling the tab forward or ...

  • Cisco Systems IPS4520K9 - page 118

    5-26 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail Sys tem Kit Step 9 Install th e electrical cables at the back of the IPS 4270-2 0. For More Informatio n • For the proce dure fo r install ing th e cable mana geme nt arm , see Installing ...

  • Cisco Systems IPS4520K9 - page 119

    5-27 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit T o extend the IPS 4270-20 from the rack, f ollow these steps: Step 1 Pull the quick-relea se le vers on ea ch side of the fron t beze l of the IPS 4270-20 t o release it ...

  • Cisco Systems IPS4520K9 - page 120

    5-28 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail Sys tem Kit Step 3 T o completely remov e the IPS 4270-20 from the r ack, discon nect the cable s from the back of the IPS 4270-2 0, push the re lease tab in the middle of the slide assembl ...

  • Cisco Systems IPS4520K9 - page 121

    5-29 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit T o install the cable m anagement arm, follo w these steps: Step 1 Align the slide bra cket on the cab le manage ment arm with the stud on the back of the IPS 4270- 20 and ...

  • Cisco Systems IPS4520K9 - page 122

    5-30 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail Sys tem Kit Step 2 Attach th e cable trough to th e back of the r ack by pushing the lower metal tab on the cable mana gement arm in to the slide assemb ly , then lifting the spring pin to ...

  • Cisco Systems IPS4520K9 - page 123

    5-31 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit Step 3 Rout e the ca bles throug h the cabl e trou gh and secur e the c ables with t he V elcro s traps and black t ie wraps. Note After you ro ute the cables th rough the ...

  • Cisco Systems IPS4520K9 - page 124

    5-32 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail Sys tem Kit Step 4 Attach the c able ma nage ment arm st op bra cket to the ri de side of the back of the rack by inserting the stop bracket into the cable manage ment arm brac ket. Conver ...

  • Cisco Systems IPS4520K9 - page 125

    5-33 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail System Kit T o con vert the cable managem ent arm swin g, fo llo w the se step s: Step 1 Pull up the sp ring pin an d slid e the brac ket of f the cable ma nage ment arm. 250218 ...

  • Cisco Systems IPS4520K9 - page 126

    5-34 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing the Rail Sys tem Kit Step 2 Remov e the bottom sliding bracket and f lip it ov er to the top of the bracke t aligning the studs. 250219 ...

  • Cisco Systems IPS4520K9 - page 127

    5-35 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Instal ling the IPS 4270-20 Step 3 On the other side of the sliding br acket, align the spring pin with the studs and key holes, and slide until the pin sn aps in to place . Note The sliding bracket onl ...

  • Cisco Systems IPS4520K9 - page 128

    5-36 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Inst allin g the IP S 427 0-20 with standard practices for preventing acci dents. Use the statement number provided at the end of each warning to locate it s translation i n the translat ed s afety warnings th ...

  • Cisco Systems IPS4520K9 - page 129

    5-37 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Instal ling the IPS 4270-20 Step 4 Connec t the RJ-4 5 to DB-9 adapter connecto r to t he conso le port and con nect the othe r end to th e DB-9 connec tor on your co mputer . Computer serial por t DB-9 ...

  • Cisco Systems IPS4520K9 - page 130

    5-38 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Inst allin g the IP S 427 0-20 Step 5 Attach the net wor k cabl es. The IPS 4270-2 0 has the followi ng interfaces: • Managem ent 0/0 (MGMT 0/0) is the comman d and control port. • GigabitEthernet slot_num ...

  • Cisco Systems IPS4520K9 - page 131

    5-39 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Removing and Repl acing th e Chassis Co ver For More Informatio n • For more information on working with electr ical po wer and in an ESD en vi ronment , see Safety Recomm endation s, page 2-2 . • F ...

  • Cisco Systems IPS4520K9 - page 132

    5-40 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Removing an d Replacing the Chassis Cover War nin g This unit might have more than one p ower supply connection. All connections must be removed to de-energize the unit. Statement 1028 Note Remo ving the app l ...

  • Cisco Systems IPS4520K9 - page 133

    5-41 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Removing and Repl acing th e Chassis Co ver Step 8 Lift up the cover l atch on the top of the chassis. Step 9 Slide the chassis cover back and up to remove it. Cautio n Do not oper ate the IPS 4270-20 w ...

  • Cisco Systems IPS4520K9 - page 134

    5-42 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Accessi ng the Diagn ostic Pane l Note Make sure the chassis cover is secu rely locked in to pl ace befor e powering up the IPS 4270-20 . Step 11 Reattach the power cables to the IPS 4270-2 0. Step 12 Reinstal ...

  • Cisco Systems IPS4520K9 - page 135

    5-43 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Instal ling and Removin g Interf ace Ca rds Installing and Removi ng Interface Cards Cautio n Follo w prope r safety p rocedur es when p erforming these steps by reading th e safety wa rnings in Re gula ...

  • Cisco Systems IPS4520K9 - page 136

    5-44 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing and Rem oving Interfa ce Cards Step 8 T o u nlock the expansion car d slot, push down on the ce nter part of the blue tab and op en the la tch. Step 9 T o unins tall a c ard, lift the ca rd out of t ...

  • Cisco Systems IPS4520K9 - page 137

    5-45 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing and Rem oving the Power Supply For More Informatio n • For a n illustration of the e xpansion card slots, se e Figure 5-7 on page 5-1 0 . • For an illustration of the supported interface ...

  • Cisco Systems IPS4520K9 - page 138

    5-46 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing and Rem oving the Power Supply Step 5 Use the T - 15 T or x screwdriv er that shipped with the IPS 4270-2 0 to remove the shipping screw . The T - 15 T orx screwdriver is located t o the righ t of p ...

  • Cisco Systems IPS4520K9 - page 139

    5-47 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing and Rem oving the Power Supply Step 6 Remov e the power supply by pulling it away from the chassis. 250219 ...

  • Cisco Systems IPS4520K9 - page 140

    5-48 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing and Rem oving the Power Supply Step 7 Install the p o wer supply . Make sur e the hand le is open and slide the power supply into the bay . 1 2 3 4 PCI-E x4 PCI-X 100 MHz Reserved for Future Use CON ...

  • Cisco Systems IPS4520K9 - page 141

    5-49 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing and Rem oving the Power Supply Step 8 Lock the power supply ha ndle. Step 9 Reconnect the po wer cables. B e sure th at the po wer su pply indicator is green and the front panel health indica ...

  • Cisco Systems IPS4520K9 - page 142

    5-50 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing and Rem oving Fans Installing and Removing Fans There ar e six fans in the IPS 4270- 20. The IPS 42 70- 20 supports redun dant hot-pluggab le fans in a 5 + 1 configuration to provide proper airflow ...

  • Cisco Systems IPS4520K9 - page 143

    5-51 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Installing and Removing Fans Step 4 Remove the failed fan b y graspin g the red plastic handle an d pulling up. Note Remove and replace one fan at a time. If the IPS 4 270-20 detect s two f ailed fans, ...

  • Cisco Systems IPS4520K9 - page 144

    5-52 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 5 Installing the IPS 4270-20 Troubles hooting Loose Con nections Troubleshooting Loose Connections Perform the following actions to trouble shoot loose connec tions on sensors: • Make sure al l po we r cord s are se curel y conne cte d. ...

  • Cisco Systems IPS4520K9 - page 145

    CH A P T E R 6-1 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 6 Installing the IP S 4345 and IPS 436 0 Contents This cha pter describ es the Cisco IPS 4345 and the I PS 4360, a nd include s the following se ctions: • Installation Notes and Cav eats, page 6-1 • Product Overview , page ...

  • Cisco Systems IPS4520K9 - page 146

    6-2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Product Overv iew Product Overview The IPS 4345 deli ver s 500 Meg abits of int rusion pre v ention performance. Y ou can use th e IPS 4345 to protect both ha lf Gig abit sub nets an d aggr eg ated tr ...

  • Cisco Systems IPS4520K9 - page 147

    6-3 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 6 Installing the IPS 434 5 and IPS 43 60 Specifi cations Op eratin g power Steady state/ma ximum 372W 382W T o tal heat d issipation 730 BTU /hr 730 BTU /hr Output h old-up time 20mS 12mS Inrush cu rrent 40A 40A Environme nt T emp e ...

  • Cisco Systems IPS4520K9 - page 148

    6-4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Accesso ries Accessories Figure 6-1 an d Figure 6-2 displa y the conten ts of the sensor packing box, w hich contains the ite ms you need to install t he sensor . Figur e 6-1 IPS 4345 P acking Bo x Co ...

  • Cisco Systems IPS4520K9 - page 149

    6-5 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 6 Installing the IPS 434 5 and IPS 43 60 Front and Back Pa nel Featu res Figur e 6-2 IPS 4360 P acking Bo x Content s Front and Back Pan el Features This se ction describe s the IPS 4345 a nd IPS 43 60 front and ba ck pane l feat ur ...

  • Cisco Systems IPS4520K9 - page 150

    6-6 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Front and B ack Panel Fe atures Figure 6-4 sh o ws the indicators for the IPS 4345. These i ndicator s are also found on the bac k panel of the IPS 43 45. Figur e 6-4 IPS 4345 I ndicat ors Figure 6-5 ...

  • Cisco Systems IPS4520K9 - page 151

    6-7 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 6 Installing the IPS 434 5 and IPS 43 60 Front and Back Pa nel Featu res Figure 6-6 sh ows the back pane l features of the IPS 4345. Figur e 6-6 IPS 4345 Ba ck P anel Fea tur es PS1 Indica tes the state of the po wer supply module i ...

  • Cisco Systems IPS4520K9 - page 152

    6-8 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Front and B ack Panel Fe atures Figure 6-7 sh ows the back pane l features of the IPS 4360. Figur e 6-7 IPS 4360 Ba ck P anel Fea tur es Ta b l e 6 - 3 describes the rear MGMT and networ k interface i ...

  • Cisco Systems IPS4520K9 - page 153

    6-9 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 6 Installing the IPS 434 5 and IPS 43 60 Rack Moun t Instal lation Rack Mount Installat ion This section describes how to rack mount the 4300 series chassis, and cont ains the following topics: • Rack-M ounting G uideline s, page ...

  • Cisco Systems IPS4520K9 - page 154

    6-10 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Rack Mount Install ation Installing the IPS 4 345 in a Rack The IPS 4345 ships with the rack mount brackets inst alled on the fron t of the chass is. Use th ese brack ets to mount the chassis to the ...

  • Cisco Systems IPS4520K9 - page 155

    6-11 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 6 Installing the IPS 434 5 and IPS 43 60 Rack Moun t Instal lation Step 4 Attach the c hassis to the rac k using the supplied scr e ws ( Figure 6-10 ). Figur e 6-1 0 Rac k-Mounting the Chas sis Step 5 T o remove the cha ssis from t ...

  • Cisco Systems IPS4520K9 - page 156

    6-12 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Installing the A ppliance on th e Network Installing the Appli ance on the Network War nin g IMPO RT ANT SAFETY INSTRUC TIONS This warning symbol means dang er . Y ou are in a sit uation that could c ...

  • Cisco Systems IPS4520K9 - page 157

    6-13 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 6 Installing the IPS 434 5 and IPS 43 60 I nst allin g the Appl ianc e on the Ne twork Step 4 Connect to the m anagement port. Connect on e RJ-45 co nnector to the management p ort and con nect the other end to the ma nagement po r ...

  • Cisco Systems IPS4520K9 - page 158

    6-14 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Installing the A ppliance on th e Network Step 5 Connec t to the cons ole port . The cons ole cable h as a DB-9 c onnector on on e end for the serial port on your co mputer , and th e other end is an ...

  • Cisco Systems IPS4520K9 - page 159

    6-15 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 6 Installing the IPS 434 5 and IPS 43 60 Removing a nd Instal ling th e Power Supply Step 8 Po wer on the appliance. Step 9 Initial ize the appl iance . Step 10 Install the most re cent Cisco I PS software. Y ou are now rea dy to c ...

  • Cisco Systems IPS4520K9 - page 160

    6-16 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing an d Installing t he Power Supply The power sup plies each pr ovide 400 W of ou tput power and are used in a 1 + 1 redund ant co nfiguration. There is no input switch on the faceplate of the ...

  • Cisco Systems IPS4520K9 - page 161

    6-17 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 6 Installing the IPS 434 5 and IPS 43 60 Removing a nd Instal ling th e Power Supply Ta b l e 6 - 4 describes th e power supply indicator . The func ti on of the indicato r is the same for both the AC and DC po wer sup plies. Remov ...

  • Cisco Systems IPS4520K9 - page 162

    6-18 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing an d Installing t he Power Supply T o r emove and install the AC po wer supply , follo w these steps: Step 1 If you are adding an additio nal power supply , f rom th e back of th e appli anc ...

  • Cisco Systems IPS4520K9 - page 163

    6-19 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 6 Installing the IPS 434 5 and IPS 43 60 Removing a nd Instal ling th e Power Supply Step 3 Install the ne w po wer supply by aligning it with the po wer supply bay and pushing it into place until it is seated w hile supporting it ...

  • Cisco Systems IPS4520K9 - page 164

    6-20 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing an d Installing t he Power Supply Installing DC Input P ower War nin g The covers are an integral part o f the safety des ign of t he product. Do not operate the unit without the covers inst ...

  • Cisco Systems IPS4520K9 - page 165

    6-21 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 6 Installing the IPS 434 5 and IPS 43 60 Removing a nd Instal ling th e Power Supply Figure 6-16 shows the back panel of the IPS 4345 with the DC power supply . Figur e 6-1 6 IPS 4345 Ba ck P anel Figure 6-17 shows the back panel o ...

  • Cisco Systems IPS4520K9 - page 166

    6-22 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing an d Installing t he Power Supply T o connect the DC po wer supp ly on the appl iance, fo llo w these step s: Step 1 Make sure tha t the chassis ground is connec ted on the cha ssis before y ...

  • Cisco Systems IPS4520K9 - page 167

    6-23 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 6 Installing the IPS 434 5 and IPS 43 60 Removing a nd Instal ling th e Power Supply Step 6 Identify the positive, ne gativ e, and gro und feed positions fo r the DC power supply connectio n. The recomm ende d wirin g sequ ence is ...

  • Cisco Systems IPS4520K9 - page 168

    6-24 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing an d Installing t he Power Supply Figure 6-20 shows the DC po we r supp ly wi th lead wires. Figur e 6-2 0 DC P ower Supply wit h Lead Wir es Step 7 Insert th e exposed end of one of the gro ...

  • Cisco Systems IPS4520K9 - page 169

    6-25 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 6 Installing the IPS 434 5 and IPS 43 60 Removing a nd Instal ling th e Power Supply Removin g and Insta lling the DC Powe r Supply Note This proc edure app lies only to the applian ces with a removable DC power supply (IPS 436 0). ...

  • Cisco Systems IPS4520K9 - page 170

    6-26 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 6 Installing the IPS 4345 and IPS 4360 Removing an d Installing t he Power Supply c. Push the lev er on the power supply to the left and remov e the power supply by grasping the handle and then pulling the po wer supply out of the chassi ...

  • Cisco Systems IPS4520K9 - page 171

    CH A P T E R 7-1 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 7 Installing the IP S 4510 and IPS 452 0 Contents This cha pter describ es the Cisco IPS 4510 and IPS 4520, and inclu des the follo wing sections: • Installation Notes and Cav eats, page 7-1 • Product Overview , page 7 -2 ? ...

  • Cisco Systems IPS4520K9 - page 172

    7-2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Product Overv iew War nin g Only trained and qualified personnel should inst all, replace, or service this eq u i p m e n t . Statement 49 Cautio n Read the safety w arnings in the Re gulatory Complia ...

  • Cisco Systems IPS4520K9 - page 173

    7-3 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Front and Back Pa nel Featu res IME The Intr usion Pre vention System Manag er Express (IM E) 7.2.3 and later also support the IPS 4 510 and IPS 4520. IM E is a network manageme nt applicat i ...

  • Cisco Systems IPS4520K9 - page 174

    7-4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Front and B ack Panel Fe atures Figure 7-2 sh o ws the front panel indicators. Figur e 7 -2 F r ont P anel Indicat ors Ta b l e 7 - 1 describes the front panel indicato r s on the IPS 4510 and IPS 4 5 ...

  • Cisco Systems IPS4520K9 - page 175

    7-5 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Front and Back Pa nel Featu res PS1 Indica tes the state of the po wer supply module installed on the right when facing the back pane l: • Off—No power supply module pr esent or no AC inp ...

  • Cisco Systems IPS4520K9 - page 176

    7-6 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Front and B ack Panel Fe atures Figure 7-3 shows the ba ck panel fe atures. Figur e 7 -3 Bac k P anel F eatur es Figure 7-4 sh ows the po wer supply module ind icators. Figur e 7 -4 P o wer S upply Mo ...

  • Cisco Systems IPS4520K9 - page 177

    7-7 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Front and Back Pa nel Featu res Ta b l e 7 - 2 describes the power supply module an d fan module indicator s. Ta b l e 7 - 3 describes the Ethernet por t indicators. T able 7 - 2 Po w er Supp ...

  • Cisco Systems IPS4520K9 - page 178

    7-8 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Specifications Specificati ons Ta b l e 7 - 4 lists the specif ications for the IPS 4 510 and IPS 452 0. 10-Gigabit Ethernet Fiber (SFP+)/1-Gigabit Ethernet F iber (SFP) • Left s ide: – Of f—No ...

  • Cisco Systems IPS4520K9 - page 179

    7-9 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Accessories Accessories The conte nts of the sensor pac king box contai ns th e following items you need to install the sensor : • Senso r chassis • Documen tation • 2 Y ello w Et herne ...

  • Cisco Systems IPS4520K9 - page 180

    7-10 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Memory C onfigurations Memory Configurations The IPS 4510 a nd IP S 4520 hav e up to 6 DI MM module s per CPU. DIMM p opulation is platfor m-depen dent. Ta b l e 7 - 5 sho ws the memory co nf igur at ...

  • Cisco Systems IPS4520K9 - page 181

    7-11 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Installing the IPS 4510 and IPS 4520 Ta b l e 7 - 7 lists the SFP/SFP+ modules that the IPS 45 10 and IP S 4520 sup port. Installing the IPS 4510 and IPS 4520 The IPS 451 0 and IPS 4 520 hav ...

  • Cisco Systems IPS4520K9 - page 182

    7-12 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing the IPS 4 510 and IPS 4520 b. Connect one RJ -45 connector to the Managemen t 0/0 interface. c. Connect the othe r end of the Eth ernet cable to the Ethernet por t on your compu ter or to ...

  • Cisco Systems IPS4520K9 - page 183

    7-13 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Installing the IPS 4510 and IPS 4520 b. Connect one e nd of the LC cable to the SFP/SFP+ module. c. Connect the othe r end of the LC cable to a network device, such as a router or switch. St ...

  • Cisco Systems IPS4520K9 - page 184

    7-14 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Removing an d Installing the Core IPS SSP Step 6 Po we r on the sensor . Cautio n If the appliance is subje cted to en vironme ntal ov erheatin g, it shuts down and you must manually power cycle it t ...

  • Cisco Systems IPS4520K9 - page 185

    7-15 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Removing and Installing th e Core IPS SSP Step 7 Grasp t he e jection le ve rs at the lef t and r ight bottom of the de signated slot and pull them out. Step 8 Grasp the side s of the module ...

  • Cisco Systems IPS4520K9 - page 186

    7-16 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Removing an d Installing t he Power Supply Module Removing and Installing the Power Supply Module The IP S 45 10 ships with one power supply modu le and one fan mo dule installed, and the I PS 4520 s ...

  • Cisco Systems IPS4520K9 - page 187

    7-17 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Removing and Installing the Power Supply Module Step 5 Install the n e w power supply module by aligning it with the power supply m odule ba y and pushing it into place unti l it is seat ed. ...

  • Cisco Systems IPS4520K9 - page 188

    7-18 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Removing an d Installing t he Fan Modul e Removing and Installing the Fan Module The IP S 45 10 ships with one power supply modu le and one fan mo dule installed, and the I PS 4520 ships with two pow ...

  • Cisco Systems IPS4520K9 - page 189

    7-19 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Installing the Slide Rail Kit Hardware Step 3 Install the ne w fan module b y aligning it wi th the fan module bay and p ushing it into place until it is seated. Step 4 T ighten the capti ve ...

  • Cisco Systems IPS4520K9 - page 190

    7-20 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing and Removi ng the Slide Rail Kit Figure 7-5 sh ows all of the bra ckets that c an be re mov ed for the fixed rack mount. Figur e 7 -5 Br ack ets for t he Fix ed Rac k Moun t Step 4 Attach ...

  • Cisco Systems IPS4520K9 - page 191

    7-21 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Installing and Remo ving the Slide Rail Kit Package Conten ts The slide rail kit package co nta ins the following items: • Left and right slid e rails • Six #10-32 screws • T wo #10- 3 ...

  • Cisco Systems IPS4520K9 - page 192

    7-22 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing and Removi ng the Slide Rail Kit For square hole posts, square studs must be attached fully inside the square hole on the rack ra il. F or threaded hole post s, the r ound stud m ust full ...

  • Cisco Systems IPS4520K9 - page 193

    7-23 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Installing and Remo ving the Slide Rail Kit Step 2 Secure the slide r ail to the r ack po st with the provided #10-32 scre ws b y tightening the scre ws at the front and rear end of the slid ...

  • Cisco Systems IPS4520K9 - page 194

    7-24 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing and Removi ng the Slide Rail Kit Step 3 For square hole ra cks, install one #1 0-32 cag e nut on each side of the r ack rail ( Figure 7-10 ). Leave one square hole spacing above the slide ...

  • Cisco Systems IPS4520K9 - page 195

    7-25 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Installing and Remo ving the Slide Rail Kit Step 4 Install the chassis on the outer r ail. Make sure that the U-bars are ali gned to the outer rail ev enly , then push the chass is in to the ...

  • Cisco Systems IPS4520K9 - page 196

    7-26 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing and Removi ng the Slide Rail Kit Step 5 T ighten the scre ws to secure the chassis to the rack ( Figur e 7-1 2 ). Use th e upper hole to secure th e chass is to the rack . a. For square h ...

  • Cisco Systems IPS4520K9 - page 197

    7-27 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Installing and Remo ving the Slide Rail Kit Remov ing the C hass is fr om th e Rack T o remove the chassis from the rack, follow these steps: Step 1 Remov e the scre ws fr om the front brack ...

  • Cisco Systems IPS4520K9 - page 198

    7-28 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing and Removi ng the Slide Rail Kit Step 3 Press down the release hook to re mov e the chassis fr om the rack ( Figur e 7-14 ). Figur e 7 -14 Pr essing Dow n the Rel ease Hoo k 33 0564 ...

  • Cisco Systems IPS4520K9 - page 199

    7-29 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Rack-M ounting the Chassis Usi ng the Fi xed Rack Mo unt Step 4 Remo ve th e two scre ws from the front and rea r of the rack that are secur ing the slide ra il, and rel ease the latch and p ...

  • Cisco Systems IPS4520K9 - page 200

    7-30 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Rack-Mount ing the Chass is Using the Fixed Rack Mount Step 2 Position the front bracket on the side of the sensor and line up the brac ket scre ws with the screw holes on the sensor . Step 3 T ighte ...

  • Cisco Systems IPS4520K9 - page 201

    7-31 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Rack-M ounting the Chassis Usi ng the Fi xed Rack Mo unt Step 9 (O pt i on al ) Install the proper slide-mo unt br ackets on to the rear bracket on th e chassis. Step 10 (Optional) Fo r adde ...

  • Cisco Systems IPS4520K9 - page 202

    7-32 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 Installing the Cab le Manageme nt Brackets Installing the Cable Management Brac kets The IPS 4510 a nd IPS 452 0 ship w ith two cabl e mana ge ment b rackets that you can us e to organiz e the cables ...

  • Cisco Systems IPS4520K9 - page 203

    7-33 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 7 Installing the IPS 451 0 and IPS 45 20 Troublesho oting Loo se Conn ections Figu re 7 - 17 C able Man agemen t Brack ets for th e Sli de Rai l Step 4 T igh ten t he scre ws in to the rack. Step 5 Reattach the po wer cable to the ...

  • Cisco Systems IPS4520K9 - page 204

    7-34 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 7 Installing the IPS 4510 and IPS 4520 IPS 4500 Series Sensors and th e SwitchApp IPS 4500 Series Sensors and the Switch App The 4500 series sensors ha ve a b u ilt in switch that pro vides the e xternal monitoring interfa ces of the sens ...

  • Cisco Systems IPS4520K9 - page 205

    CH A P T E R 8-1 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 8 Installing and Removing the ASA 5500 AIP SSM Contents This chap ter des cribes the ASA 5500 AIP SSM and cont ains the foll o wing secti ons: • Installation Notes and Cav eats, page 8-1 • Product Overview , page 8 -2 • S ...

  • Cisco Systems IPS4520K9 - page 206

    8-2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 8 Installing and Removing the ASA 5500 AIP SSM Product Overv iew Product Overview The Cisco ASA Adv anced I nspection and Pre v ention Security Services Modu le (AS A 55 0 0 A I P S SM ) i s the IPS plug-in module in the Cisco ASA 5500 ser ...

  • Cisco Systems IPS4520K9 - page 207

    8-3 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 8 Installing and Removing the ASA 5500 AIP SSM Product Ove rview In prom iscuous mo de, the IPS re cei v es packe ts ov er the Gi gabitEthernet inte rf ace, e xamin es them for intrusiv e behavior , and generates alerts base d on a ...

  • Cisco Systems IPS4520K9 - page 208

    8-4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 8 Installing and Removing the ASA 5500 AIP SSM Specifications Specificati ons Ta b l e 8 - 1 lists the specifications for the A SA 5500 A IP SSM: Memory Specifications Ta b l e 8 - 2 lists the memory specifica tions for the ASA 5500 AIP SS ...

  • Cisco Systems IPS4520K9 - page 209

    8-5 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 8 Installing and Removing the ASA 5500 AIP SSM Indicat ors Indicat ors Figure 8-3 sh ows the ASA 5500 AIP SSM ind icators. Figur e 8-3 ASA 5500 AIP SSM Indicat ors Ta b l e 8 - 3 describes the ASA 5500 AIP SSM in d ic a to rs . Inst ...

  • Cisco Systems IPS4520K9 - page 210

    8-6 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 8 Installing and Removing the ASA 5500 AIP SSM Installation and Removal Instruct ions Step 3 Remove the two screws at the left back end of the c hassis, a nd remove the slot c over . Note Store the s lot co ve r in a sa fe pla ce for fu tu ...

  • Cisco Systems IPS4520K9 - page 211

    8-7 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 8 Installing and Removing the ASA 5500 AIP SSM Installati on and Rem oval Instr uctions • For the proc edure for using HTTPS to log in to th e IDM, re fer to Logg ing In to the IDM . Verifying the Status of th e ASA 55 00 AIP SSM ...

  • Cisco Systems IPS4520K9 - page 212

    8-8 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 8 Installing and Removing the ASA 5500 AIP SSM Installation and Removal Instruct ions Step 5 Locate the groundin g strap from the accessory kit a nd fasten it to your wrist so that it conta cts your bare skin. Attach the other end to th e ...

  • Cisco Systems IPS4520K9 - page 213

    CH A P T E R 9-1 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 9 Installing and Removing the ASA 5585-X IPS SSP Contents This chapter describes the Cisco ASA 5585-X I PS SSP, and contains the follo wing sections: • Installation Notes and Cav eats, page 9-1 • Introdu cing the ASA 5585-X ...

  • Cisco Systems IPS4520K9 - page 214

    9-2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Instal ling and Removing th e ASA 5585-X IPS SSP Introducing the ASA 55 85-X IPS SS P Introducin g the ASA 5585-X IPS SSP Y ou can install the Cisco Intrusion Preve ntion System Security Services Processor (ASA 5585-X IPS SSP) in the ASA ...

  • Cisco Systems IPS4520K9 - page 215

    9-3 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Specifi cations another power supply module for a redunda nt po wer supply c onfiguration. The SSP-10 with IPS SSP- 10 has two CPUs, six DIMM mo dules, two embedde d cryp to acceler a ...

  • Cisco Systems IPS4520K9 - page 216

    9-4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Instal ling and Removing th e ASA 5585-X IPS SSP Hardware and Software Requirements Hardware and Software Requireme nts The ASA 5585-X IPS SSP has t he follo wing hardware and software requirements: • Cisco ASA 5 585-X a daptiv e secur ...

  • Cisco Systems IPS4520K9 - page 217

    9-5 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Front Panel Fe atures Figure 9-2 sh o ws the front v ie w of IPS SSP-40 and IPS SSP-60. Note The illustration shows IPS SSP-40, but it applies to both the -40 and the -60 models. Figu ...

  • Cisco Systems IPS4520K9 - page 218

    9-6 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Instal ling and Removing th e ASA 5585-X IPS SSP Front Panel Fe atures Figure 9-3 sh o ws the front panel indicators. Figur e 9-3 ASA 558 5-X IPS SSP F r ont P anel Indicators 5 T enGigabitEthernet 1/9 ( (10-Gb fiber , SFP , or SFP+) 14 ...

  • Cisco Systems IPS4520K9 - page 219

    9-7 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Front Panel Fe atures Ta b l e 9 - 2 descr ibes the front panel indicators on the ASA 5585-X IPS SSP. T able 9-2 ASA 558 5-X IPS SSP F r ont P ane l Indicat ors Indicator D escription ...

  • Cisco Systems IPS4520K9 - page 220

    9-8 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Instal ling and Removing th e ASA 5585-X IPS SSP Memory R equirements Ta b l e 9 - 3 sho ws th e Ethernet po rt indica tors. Memory Re quireme nts The ASA -5585-X has up to 6 DIMM modules p er CPU. DIMM population is pla tform-dep endent ...

  • Cisco Systems IPS4520K9 - page 221

    9-9 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP SF P/SFP+ Module s SFP/SFP+ Modules The SFP/SFP+ module is a hot-sw appable input/outpu t de vice that plu gs into the SFP/SFP+ ports and provides Gigabit Ethernet connecti vity . The ...

  • Cisco Systems IPS4520K9 - page 222

    9-10 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Instal ling and Removing th e ASA 5585-X IPS SSP Installing the ASA 5585-X IPS SSP Step 3 From the front panel of the ASA 5585-X, loo sen the capt iv e screws on the up per left and rig ht of the slot tray (slot 1), and remove it. Store ...

  • Cisco Systems IPS4520K9 - page 223

    9-11 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Installing SFP/SFP + Modules For More Informatio n • For more information about ESD, see Pr e venting Electrostatic D ischarge Damage , page 2- 3 . • For the procedure for v erif ...

  • Cisco Systems IPS4520K9 - page 224

    9-12 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Instal ling and Removing th e ASA 5585-X IPS SSP Verifying the Status of the ASA 5585-X IPS SSP T o connect to the SFP/SFP+ port if you are using fiber ports, follow the se steps: Step 1 Install the SFP/SFP+ module. Step 2 Connect one e ...

  • Cisco Systems IPS4520K9 - page 225

    9-13 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Removing and Repla cing the ASA 5585-X IPS SSP T o verify the status of the ASA 5585-X IPS SSP, follo w these steps: Step 1 Log in to the adapti ve security appliance. Step 2 V erif ...

  • Cisco Systems IPS4520K9 - page 226

    9-14 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Instal ling and Removing th e ASA 5585-X IPS SSP Removing an d Replacing the ASA 5585-X IPS S SP Step 7 Grasp t he e jection le ve rs at the lef t and r ight bottom of the mod ule slot and pull them out. Step 8 Grasp the sides of the AS ...

  • Cisco Systems IPS4520K9 - page 227

    9-15 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 Chapter 9 Installing and Removing the ASA 5585-X IPS SSP Removing and Repla cing the ASA 5585-X IPS SSP Step 11 Repla ce the scre ws. Step 12 Reconne ct the power cable to the ASA 5585-X . Step 13 Po wer on the ASA 5585- X. Step 14 V erify ...

  • Cisco Systems IPS4520K9 - page 228

    9-16 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Chapter 9 Instal ling and Removing th e ASA 5585-X IPS SSP Removing an d Replacing the ASA 5585-X IPS S SP ...

  • Cisco Systems IPS4520K9 - page 229

    A- 1 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 APPENDIX A Logging In to the Sensor Contents This chapter expla ins how to log in to the sensor . All IPS platforms allow ten concurrent log in se ssions. It contains the follo wing sections: • Supported User Roles, pa ge A- 1 • Loggin ...

  • Cisco Systems IPS4520K9 - page 230

    A- 2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appen dix A Log ging In to the Se nsor Logging I n to the Applianc e For More Informatio n For the proce dure for cr eating th e service acc ount, re fer to Creating the Servic e Account, page E-5 . Logging In to th e Appliance Note Y ou ca n log ...

  • Cisco Systems IPS4520K9 - page 231

    A-3 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix A Logging In to the Sens or Connect ing an Applianc e to a Ter minal S erver Connecting an Appl iance to a Te rminal Server A terminal serve r is a router with multiple, lo w sp eed, asynchronous ports that a re connected to other ...

  • Cisco Systems IPS4520K9 - page 232

    A- 4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appen dix A Log ging In to the Se nsor Logging In to the ASA 5500 AIP SSP Logging In to the ASA 5500 AIP SSP Y ou log in to the ASA 5500 AIP SSM from the ad apti v e secu rity app liance. T o s ession in to the ASA 550 0 AIP SSM from the ad aptiv ...

  • Cisco Systems IPS4520K9 - page 233

    A-5 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix A Logging In to the Sens or Logging In to the ASA 5500-X IPS SSP Logging In to the ASA 5500-X IPS SSP Y ou log in to the ASA 55 00-X IPS SSP from the adapti v e secu rity applia nce. T o s ession in to the ASA 550 0-X IPS SSP from ...

  • Cisco Systems IPS4520K9 - page 234

    A- 6 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appen dix A Log ging In to the Se nsor Logging In to the ASA 5585-X IPS SSP For More Informatio n For the proc edure f or using th e setup command to initialize the ASA 5500-X IPS SSP, see Adv anced Setup for the ASA 5 500-X I PS SSP , page B- 17 ...

  • Cisco Systems IPS4520K9 - page 235

    A-7 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix A Logging In to the Sens or Logging In to the Senso r For More Informatio n For the procedure for initializing the ASA 5585- X IPS SSP using th e setup command, s ee Adv anced Setup for the ASA 5 585-X I PS SSP , page B- 21 . Logg ...

  • Cisco Systems IPS4520K9 - page 236

    A- 8 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appen dix A Log ging In to the Se nsor Logging I n to the Sensor ...

  • Cisco Systems IPS4520K9 - page 237

    B-1 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 APPENDIX B Initializing the Sensor Contents This chapter de scribes how to use the setup command to initialize the sensor , and contai ns the follo wing sections: • Understanding Initialization, page B-1 • Simplified Setup Mode, page B- ...

  • Cisco Systems IPS4520K9 - page 238

    B-2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Simplified Setup Mode Simplified Setup Mode The sensor automatically ca lls the setup command when you co nnect t o the s enso r using a con sole cable and the se nsor basic networ k settings have not yet been co ...

  • Cisco Systems IPS4520K9 - page 239

    B-3 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix B Initializing the Sensor System Conf igurati on Dialog Default settings are in square brackets '[]'. Current time: Wed Nov 11 21:19:51 2009 Setup Configuration last modified: Enter host name[sensor]: Enter IP interface[ ...

  • Cisco Systems IPS4520K9 - page 240

    B-4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Basic Sensor Setu p Purpose: Tracks product efficacy Participation Level = "Full" additionally includes: * Type of Data: Victim IP Address and port Purpose: Detect threat behavioral patterns Do you agre ...

  • Cisco Systems IPS4520K9 - page 241

    B-5 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix B Initializing the Sensor Basic Senso r Setup Step 7 Y ou must co nfigure a DNS server or an HT TP pr oxy server f or glo bal co rrel ation t o op erate: a. Ente r yes to ad d a DNS serv er , and the n enter t he DN S serv er IP a ...

  • Cisco Systems IPS4520K9 - page 242

    B-6 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Basic Sensor Setu p o. Specify the standar d time zone offset. Specify the stan dard time zone offset from UTC in minutes (negative number s repre sent t ime zones west of t he Prim e Mer idian) . The defaul t is ...

  • Cisco Systems IPS4520K9 - page 243

    B-7 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix B Initializing the Sensor Advanced Setup exit service global-correlation network-participation full exit [0] Go to the command prompt without saving this config. [1] Return to setup without saving this config. [2] Save this config ...

  • Cisco Systems IPS4520K9 - page 244

    B-8 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advance d Setup Note Adding new subinte rfaces is a two-step proce ss. Y ou first organize the interfaces when you e dit the virtual sensor c onfiguration. Y ou then choose whic h inter faces and subinterface s a ...

  • Cisco Systems IPS4520K9 - page 245

    B-9 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix B Initializing the Sensor Advanced Setup Note The follo wing options let you create and delete interfa ces. Y ou assign the interfaces t o virtual sensors in the virtual sensor c onfiguration. If you are using promiscuo us mode fo ...

  • Cisco Systems IPS4520K9 - page 246

    B-10 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advance d Setup [3] Add/Modify Promiscuous Vlan Groups. [4] Add/Modify Inline Interface Pairs. [5] Add/Modify Inline Interface Pair Vlan Groups. [6] Modify interface default-vlan. Option: Step 14 Ente r 4 to ad ...

  • Cisco Systems IPS4520K9 - page 247

    B-11 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix B Initializing the Sensor Advanced Setup Step 21 Ente r 4 to add inline in te r face pa ir Ne wP air . Step 22 Press Enter to return to the top-lev el virtual sensor menu. Virtual Sensor: vs0 Anomaly Detection: ad0 Event Action R ...

  • Cisco Systems IPS4520K9 - page 248

    B-12 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advance d Setup subinterface-type inline-vlan-pair subinterface 1 description Created via setup by user asmith vlan1 200 vlan2 300 exit exit exit physical-interfaces GigabitEthernet0/1 admin-state enabled exit p ...

  • Cisco Systems IPS4520K9 - page 249

    B-13 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix B Initializing the Sensor Advanced Setup Step 30 Apply the mo st recent service pa ck and signa ture update. Y ou ar e now ready to configure your a ppliance for intrusion prevention. For More Informatio n • For the procedure f ...

  • Cisco Systems IPS4520K9 - page 250

    B-14 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advance d Setup Note Y ou do not ne ed to configure interfaces on the ASA 5500 AIP SSM. Y ou should ig nore the modify interf ace def ault VLAN setting. T he se paration of traf f ic across virtual sensors is co ...

  • Cisco Systems IPS4520K9 - page 251

    B-15 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix B Initializing the Sensor Advanced Setup Step 15 Ente r 1 to use the existing anomaly de tection configuration, ad0. Signature Definition Configuration [1] sig0 [2] Create a new signature definition configuration Option[2]: Step ...

  • Cisco Systems IPS4520K9 - page 252

    B-16 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advance d Setup no login-banner-text exit time-zone-settings offset 0 standard-time-zone-name UTC exit summertime-option disabled ntp-option disabled exit service web-server port 342 exit service analysis-engine ...

  • Cisco Systems IPS4520K9 - page 253

    B-17 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix B Initializing the Sensor Advanced Setup For More Informatio n • For the procedure for obtaining the most recent IPS software, see Obtaining Cisco IPS Sof tware, page C-1 • For the proc edure for using HTTPS to log in to th e ...

  • Cisco Systems IPS4520K9 - page 254

    B-18 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advance d Setup [1] Modify interface default-vlan. Option: Step 8 Press Enter to retu rn to the top-lev el interface and virtual sensor co nfiguration menu. [1] Edit Interface Configuration [2] Edit Virtual Sens ...

  • Cisco Systems IPS4520K9 - page 255

    B-19 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix B Initializing the Sensor Advanced Setup Step 17 Enter the signature-de finition configuration name , newSig . Event Action Rules Configuration [1] rules0 [2] Create a new event action rules configuration Option[2]: Step 18 Ente ...

  • Cisco Systems IPS4520K9 - page 256

    B-20 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advance d Setup exit service web-server port 342 exit service analysis-engine virtual-sensor newVs description New Sensor signature-definition newSig event-action-rules rules0 anomaly-detection anomaly-detection ...

  • Cisco Systems IPS4520K9 - page 257

    B-21 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix B Initializing the Sensor Advanced Setup – Cisco Intrusion P r evention System Sen sor CLI Configuration Guide for IPS 7. 1 Advanced Setup for the A SA 5585-X I PS SSP T o c ontinue with advanced setup for the A SA 5585-X I PS ...

  • Cisco Systems IPS4520K9 - page 258

    B-22 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Advance d Setup Step 9 Ente r 2 to edit the virtual sensor configuration. [1] Remove virtual sensor. [2] Modify "vs0" virtual sensor configuration. [3] Create new virtual sensor. Option: Step 10 Ente r ...

  • Cisco Systems IPS4520K9 - page 259

    B-23 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix B Initializing the Sensor Advanced Setup Note If PortChan nel 0/0 has no t been assig ned to vs0, y ou are prom pted to assign it to the new virtual sensor . Virtual Sensor: newVs Anomaly Detection: ad0 Event Action Rules: rules0 ...

  • Cisco Systems IPS4520K9 - page 260

    B-24 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Veri fyin g Init iali zati on event-action-rules rules0 anomaly-detection anomaly-detection-name ad0 exit physical-interfaces PortChannel0/0 exit exit service event-action-rules rules0 overrides deny-packet-inli ...

  • Cisco Systems IPS4520K9 - page 261

    B-25 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix B Initializing the Sensor Verifying Initialization T o verify that you initialized your sensor , follo w these steps: Step 1 Log in to the sensor . Step 2 V iew your c onfiguration. sensor# show configuration ! ------------------ ...

  • Cisco Systems IPS4520K9 - page 262

    B-26 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix B Initializing the Sensor Veri fyin g Init iali zati on summary-mode fire-all exit exit status enabled true exit exit exit ! ------------------------------ service ssh-known-hosts rsa1-keys 10.89.146.1 length 1024 exponent 35 modulus 127 ...

  • Cisco Systems IPS4520K9 - page 263

    CH A P T E R C-1 Cisco I ntrusio n Preventio n System Appl iance an d Module Install ation Guid e for IP S 7.1 OL-24002-01 C Obta ining Software Contents This chapter pro vides information on obtaining Cisc o IPS software for the senso r . It contains th e follo wing sections: • Obtaining C isco IPS Software, pa ge C-1 • IPS 7.1 Files, page C-2 ...

  • Cisco Systems IPS4520K9 - page 264

    C-2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtainin g Softwar e IPS 7.1 Files Step 3 Under Select a Sof tware Produc t Category , choose Security So ftwar e . Step 4 Choose Intrusion Prev ention System (IPS) . Step 5 Enter your username an d password. Step 6 In the Do wnload Sof ...

  • Cisco Systems IPS4520K9 - page 265

    C-3 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Appendix C Obtaining Software IPS Software Ve rsioning IPS Software Versioning When yo u do wnlo ad IPS softwar e im ages fr om Cisc o.com, you s hould u nderst and the ve rsion ing scheme so that you know which files are base file s, which ...

  • Cisco Systems IPS4520K9 - page 266

    C-4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtainin g Softwar e IPS Software Versioning Figure C-1 illustrate s what each par t of the I PS software file represents for m ajor and minor up dates, service pack s, and patc h releases. Figur e C-1 IPS Sof tw ar e File Name for Maj ...

  • Cisco Systems IPS4520K9 - page 267

    C-5 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Appendix C Obtaining Software IPS Software Ve rsioning Signa ture En gine Upd ate A signature e ngine upd ate is an executable f ile containi ng binary c ode to sup port new signature updates. Signature eng ine fil es requir e a specific se ...

  • Cisco Systems IPS4520K9 - page 268

    C-6 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtainin g Softwar e IPS Software Releas e Examples IPS Software Release Ex amples Ta b l e C - 1 lists platform-inde pendent Cisco IPS software release e xamples . Ta b l e C - 2 describes platfo rm-de penden t software re lease exam p ...

  • Cisco Systems IPS4520K9 - page 269

    C-7 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Appendix C Obtaining Software Acce ssing I PS Docu mentati on Ta b l e C - 1 describes the platform identif iers used in platform-specifi c names. For More Informatio n For instr uctions on ho w to access th ese f iles on Cisco .com, see Ob ...

  • Cisco Systems IPS4520K9 - page 270

    C-8 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtainin g Softwar e Cisco Security Inte lligence Operatio ns Note Although you will see references to other IPS do cumentation sites on Cisco. com, this is the site with the most complete and up-to-date IPS documentation. Step 5 Click ...

  • Cisco Systems IPS4520K9 - page 271

    C-9 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Appendix C Obtaining Software Obtaining a Li cense Key From Cis co.com • Obtaining a Lic ense for the IPS 4270 -20, page C-14 • Licensing the ASA 5500- X IPS SSP , page C-15 • Uninstalling the L icense K ey , page C- 15 Understand ing ...

  • Cisco Systems IPS4520K9 - page 272

    C-10 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtainin g Softwar e Obtaining a License Key Fr om Cisco.c om When you purchase the following IPS produ cts you m ust also purc hase a Cisco Services for IPS servic e contract : • IPS 4240 • IPS 4255 • IPS 4260 • IPS 4270-20 ? ...

  • Cisco Systems IPS4520K9 - page 273

    C-11 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Appendix C Obtaining Software Obtaining a Li cense Key From Cis co.com Step 3 The Lice nsing pa ne disp lays th e status of the cur rent licens e. If you ha v e alrea dy install ed your lice nse, you can clic k Downlo ad to sa v e it if ne ...

  • Cisco Systems IPS4520K9 - page 274

    C-12 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtainin g Softwar e Obtaining a License Key Fr om Cisco.c om Use th e cop y sourc e-url license_file_name lice nse-key comma nd to copy the lic ense key to your sensor . The following options ap ply: • sour ce-url —The loca tion o ...

  • Cisco Systems IPS4520K9 - page 275

    C-13 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Appendix C Obtaining Software Obtaining a Li cense Key From Cis co.com Note Y ou must ha ve th e correct IPS dev ice seri al numbe r and prod uct identi fi er (PID) because the license key only f unctions on the device with that number . S ...

  • Cisco Systems IPS4520K9 - page 276

    C-14 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtainin g Softwar e Obtaining a License Key Fr om Cisco.c om For More Informatio n • For the proc edure for adding a remote h ost to the SSH k nown hosts list, f or the IDM refer to Defining Known Hosts Keys , for the IME re fer to ...

  • Cisco Systems IPS4520K9 - page 277

    C-15 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Appendix C Obtaining Software Obtaining a Li cense Key From Cis co.com Licensing the ASA 550 0-X IPS SS P For the ASA 5500-X ser ies adapti v e secu rity appl ia nces with the IPS SSP , the ASA requires the IPS Module licen se. T o vie w y ...

  • Cisco Systems IPS4520K9 - page 278

    C-16 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix C Obtainin g Softwar e Obtaining a License Key Fr om Cisco.c om system is using 33.6M out of 160.0M bytes of available disk space (21% usage) application-data is using 70.5M out of 169.4M bytes of available disk space (44% usage) boot is ...

  • Cisco Systems IPS4520K9 - page 279

    D- 1 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 APPENDIX D Upgrading, Downgrading, a nd Installing System Images Contents This ch apte r descr ibes how to upgr ade, downgrade, an d install syste m images. It co ntains the f ollo wing sections: • System I mage N otes and Cav e ats, pag ...

  • Cisco Systems IPS4520K9 - page 280

    D- 2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x D Upgrading, Downgrading, and In stalli ng System Image s Upgrades , Downgrad es, and System Ima ges • Y ou ca nnot use the downgrade com mand to revert to a pre vious major or mino r version, for example, fr om Cisco IPS 7.1 to 7. 0. ...

  • Cisco Systems IPS4520K9 - page 281

    D-3 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix D Upgrading, Do wngradin g, and Installing Sys tem Images Upgradi ng the Sen sor For More Informatio n • For the proc edure for downloading I PS software updates from C isco.com, see Obtaining Cisco IPS Software , page C -1 . ? ...

  • Cisco Systems IPS4520K9 - page 282

    D- 4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x D Upgrading, Downgrading, and In stalli ng System Image s Upgradin g the Sensor Note Y o u are promp ted for a pa ssword. – scp:—Sour ce URL for the SC P network se rver . The syn tax fo r this pr efix is: scp:/ /[[us ername@] locat ...

  • Cisco Systems IPS4520K9 - page 283

    D-5 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix D Upgrading, Do wngradin g, and Installing Sys tem Images Upgradi ng the Sen sor Note Major u pdates , minor updates , and ser vice pa cks may fo rce a res tart of the IPS pro cesses or e v en force a reboot of the sensor to compl ...

  • Cisco Systems IPS4520K9 - page 284

    D- 6 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x D Upgrading, Downgrading, and In stalli ng System Image s Configuring A utomatic Up grades Upgrading th e Recovery Partition Use the upgrade command to upg rade the recov ery partition wi th the most recent version so that it is ready i ...

  • Cisco Systems IPS4520K9 - page 285

    D-7 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix D Upgrading, Do wngradin g, and Installing Sys tem Images Configuring Automatic Upgrade s Understand ing Automa tic Upgrades Cautio n In IPS 7.1 (5)E4 and later th e defa ult v alue o f the Cisc o serv er IP addr ess has b een cha ...

  • Cisco Systems IPS4520K9 - page 286

    D- 8 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x D Upgrading, Downgrading, and In stalli ng System Image s Configuring A utomatic Up grades • schedule-option —Specifies the schedule s for whe n Cisco se rver automatic upgrades o ccur . Calendar schedulin g starts upgra des at spec ...

  • Cisco Systems IPS4520K9 - page 287

    D-9 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix D Upgrading, Do wngradin g, and Installing Sys tem Images Configuring Automatic Upgrade s Step 3 Configure the sensor to automatically look for ne w upgra des either on Cisco.c om or on yo ur file server: a. On Cis co.com. C ontin ...

  • Cisco Systems IPS4520K9 - page 288

    D-10 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x D Upgrading, Downgrading, and In stalli ng System Image s Downgra ding the Sen sor user-name: tester password: <hidden> file-copy-protocol: ftp default: scp ----------------------------------------------- sensor(config-hos-ena)# S ...

  • Cisco Systems IPS4520K9 - page 289

    D-11 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix D Upgrading, Do wngradin g, and Installing Sys tem Images Recovering the Application Partition Recovering the App lication Parti tion Y ou can recov er the application partition image for the sensor if it becomes unusable. So me ...

  • Cisco Systems IPS4520K9 - page 290

    D-12 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x D Upgrading, Downgrading, and In stalli ng System Image s Installing Syst em Images For More Informatio n • For the procedure for upgrading the recovery partition to the most recent version, see Up grading the Recov ery Partiti on, pa ...

  • Cisco Systems IPS4520K9 - page 291

    D-13 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix D Upgrading, Do wngradin g, and Installing Sys tem Images Installing System Images TFTP Serve rs R OMMON use s TFTP to download an image a nd launch it. TFTP does n ot address network issues suc h as latenc y or error reco very . ...

  • Cisco Systems IPS4520K9 - page 292

    D-14 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x D Upgrading, Downgrading, and In stalli ng System Image s Installing Syst em Images Installing the IPS 4270-20 Syste m Image Y ou ca n install the IPS 4270-20 system image by using the R OMMO N on the appliance to TFTP the system image ...

  • Cisco Systems IPS4520K9 - page 293

    D-15 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix D Upgrading, Do wngradin g, and Installing Sys tem Images Installing System Images • Gateway—Specifies the gateway IP address used by the IPS 4270-20. • Port—Spec if ies the Ethern et interface used for IPS 4270-20 mana g ...

  • Cisco Systems IPS4520K9 - page 294

    D-16 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x D Upgrading, Downgrading, and In stalli ng System Image s Installing Syst em Images Step 11 Do wnload a nd insta ll the system image. rommon> tftp Cautio n T o avoid corrupting the s ystem imag e, do n ot remove power from the IPS 42 ...

  • Cisco Systems IPS4520K9 - page 295

    D-17 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix D Upgrading, Do wngradin g, and Installing Sys tem Images Installing System Images 00 1D 04 8086 25AB System 00 1D 05 8086 25AC IRQ Controller 00 1D 07 8086 25AD Serial Bus 9 00 1E 00 8086 244E PCI-to-PCI Bridge 00 1F 00 8086 25A ...

  • Cisco Systems IPS4520K9 - page 296

    D-18 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x D Upgrading, Downgrading, and In stalli ng System Image s Installing Syst em Images • Conf ig—Unused by t hese pl atfor ms. Note Not all v alues are required to establi sh networ k con nectivity . The ad dress, server, gateway , and ...

  • Cisco Systems IPS4520K9 - page 297

    D-19 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix D Upgrading, Do wngradin g, and Installing Sys tem Images Installing System Images Step 11 Ente r set and press Enter to v erify the netw ork settings. Note Y ou can us e the sync command to store these settings in NVRAM so they ...

  • Cisco Systems IPS4520K9 - page 298

    D-20 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x D Upgrading, Downgrading, and In stalli ng System Image s Installing Syst em Images Use BREAK or ESC to interrupt boot. Use SPACE to begin boot immediately. The sys tem en ters R OMMON mode. T he rommon> prompt ap pears. Step 4 Check ...

  • Cisco Systems IPS4520K9 - page 299

    D-21 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix D Upgrading, Do wngradin g, and Installing Sys tem Images Installing System Images Step 9 If necessa ry define the pa th and filenam e on the T FTP file server fro m which you are downloading the image. rommon> IMAGE= path/fil ...

  • Cisco Systems IPS4520K9 - page 300

    D-22 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x D Upgrading, Downgrading, and In stalli ng System Image s Installing Syst em Images T o install the system image on the ASA 5500-X IPS SSP, follow these steps: Step 1 Do wnload th e IPS syst em image f ile co rrespond ing to your ASA pl ...

  • Cisco Systems IPS4520K9 - page 301

    D-23 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix D Upgrading, Do wngradin g, and Installing Sys tem Images Installing System Images Note T o debug any er rors that may hap pen in the recovery proc ess, use the debug module-boot comman d to enable debugging of the syste m reimag ...

  • Cisco Systems IPS4520K9 - page 302

    D-24 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x D Upgrading, Downgrading, and In stalli ng System Image s Installing Syst em Images Step 3 Enter en able mode. asa# enable Step 4 Configure the reco very settings for the ASA 5585-X IPS SSP. asa (enable)# hw-module module 1 recover conf ...

  • Cisco Systems IPS4520K9 - page 303

    D-25 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix D Upgrading, Do wngradin g, and Installing Sys tem Images Installing System Images App. name: IPS App. Status: Up App. Status Desc: Normal Operation App. version: 7.1(3)E4 Data plane Status: Up Status: Up Mgmt IP addr: 192.0.2.0 ...

  • Cisco Systems IPS4520K9 - page 304

    D-26 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x D Upgrading, Downgrading, and In stalli ng System Image s Installing Syst em Images Step 2 Boot the ASA 5585-X IPS SSP. Booting system, please wait... CISCO SYSTEMS Embedded BIOS Version 0.0(2)10 11:16:38 04/15/10 Com KbdBuf SMM UsbHid ...

  • Cisco Systems IPS4520K9 - page 305

    D-27 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix D Upgrading, Do wngradin g, and Installing Sys tem Images Installing System Images Note Not all v alues are required to establi sh networ k co nnecti vity . The add ress, s erv er , gate w ay , and im age values are required. If ...

  • Cisco Systems IPS4520K9 - page 306

    D-28 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x D Upgrading, Downgrading, and In stalli ng System Image s Installing Syst em Images Step 11 Ente r set and press Enter to verify the network settings. Note Y ou can us e the sync command to store these settings in NVRAM so they are main ...

  • Cisco Systems IPS4520K9 - page 307

    E-1 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 APPENDIX E Troubleshooting Contents This appe ndix conta ins troub leshooting tips and pro cedur es for sensors an d so ftware. It contai ns the follo wing sections: • Pre venti ve Maintenance, page E-1 • Disaster Recovery , page E-6 ? ...

  • Cisco Systems IPS4520K9 - page 308

    E-2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Preventive M aintenance • Creatin g the Service Acc ount, page E- 5 Understand ing Preve ntive Mainte nance The following actions will help you maintain your sensor: • Back up a good configuration. If your curren ...

  • Cisco Systems IPS4520K9 - page 309

    E-3 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting P reven tive Mainte nance sensor# copy /erase backup-config current-config Backing Up and Restorin g the Configu ration File Usin g a Remote Se rver Note W e reco mmend c opying the cur rent con f igurat ion file ...

  • Cisco Systems IPS4520K9 - page 310

    E-4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Preventive M aintenance Cautio n Copying a co nfiguration file from anothe r sens or may r esult in errors if the sensing interfac es and virtua l senso rs are not co nf igur ed the same. Backing Up the Cu rrent Confi ...

  • Cisco Systems IPS4520K9 - page 311

    E-5 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting P reven tive Mainte nance Creating the S ervice Acco unt Y ou ca n create a service account for T A C to use during trouble shooting. A lthough mor e than one user can have access to the sensor, only one us er ca ...

  • Cisco Systems IPS4520K9 - page 312

    E-6 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Disast er Recovery ************************ WARNING ******************************************************* UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED. This account is intended to be used for support and ...

  • Cisco Systems IPS4520K9 - page 313

    E-7 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Recove ring the Passwor d • For the procedu re for using a re mote server to copy and re store the a con f iguration file, see Ba cking Up and Re storing th e Configuration File U sing a R emote Server , page E ...

  • Cisco Systems IPS4520K9 - page 314

    E-8 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Recovering the Pas sword Recovering the Password for the Applianc e This section describes the two ways to recover the password for appliances . It contains the fo llowing topics: • Using th e GRUB Menu, page E-8 ? ...

  • Cisco Systems IPS4520K9 - page 315

    E-9 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Recove ring the Passwor d Step 3 Enter the follo wing commands to reset the password: confreg 0x7 boot Sample R OMMON session: Booting system, please wait... CISCO SYSTEMS Embedded BIOS Version 1.0(11)2 01/25/06 ...

  • Cisco Systems IPS4520K9 - page 316

    E-10 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Recovering the Pas sword Mod MAC Address Range Hw Version Fw Version Sw Version --- --------------------------------- ------------ ------------ --------------- ips 503d.e59c.7c4c to 503d.e59c.7c4c N/A N/A 7.1(4)E4 Mo ...

  • Cisco Systems IPS4520K9 - page 317

    E-11 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Recove ring the Passwor d Using the ASDM T o reset the password in the ASDM, follo w these steps: Step 1 From the ASDM menu bar, choose T ools > IPS Password Reset . Note This option does not appear in the me ...

  • Cisco Systems IPS4520K9 - page 318

    E-12 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Recovering the Pas sword Mod Status Data Plane Status Compatibility --- ------------------ --------------------- ------------- 1 Up Up Step 4 Session to the ASA 5585 -X IPS SSP. asa# session 1 Opening command session ...

  • Cisco Systems IPS4520K9 - page 319

    E-13 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Recove ring the Passwor d Step 3 Click Close to close the dialog box. The sen sor reboots. Disabling Pa sswo rd Recove ry Cautio n If you try to recover the passwor d on a sensor on whic h password recovery is d ...

  • Cisco Systems IPS4520K9 - page 320

    E-14 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Time Sources and the Sensor sensor (config)# service host sensor (config-hos)# Step 3 V erif y the state of pa ssword recovery by using the include keyword to show settings in a filtered output. sensor(config-hos)# s ...

  • Cisco Systems IPS4520K9 - page 321

    E-15 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Time Sour ces and the Sensor The IPS Standa lone Ap plianc es • Use the clock s et command to set the time. This is the default. • Configure the appliance to get its time from an NTP time synchronization sou ...

  • Cisco Systems IPS4520K9 - page 322

    E-16 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Advanta ges and Rest rictions of Virt ualization ... Step 3 Generate the hosts statisti cs again after a f ew minutes. sensor# show statistics host ... NTP Statistics remote refid st t when poll reach delay offset ji ...

  • Cisco Systems IPS4520K9 - page 323

    E-17 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Support ed MIBs V irtualization has the following restrictions: • Y ou must assign both sides of asym metric traf fic to t he same virtual sensor . • Using V A CL capture or SP AN (prom iscuous moni toring) ...

  • Cisco Systems IPS4520K9 - page 324

    E-18 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing When to Di sabl e Anom aly Detec tion Note CISCO-PR OCESS-MIB is a v ailable on the sensor , b ut we do not support it. W e kno w that some elements are not av ailab le. While you can use elements fr om CISCO-PR OCES ...

  • Cisco Systems IPS4520K9 - page 325

    E-19 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Analysi s Engine Not Respond ing • Y ou must have a v alid IPS lice nse to allo w g lobal correlation features to function. • Global co rrelatio n featu res only cont ain ex ternal IP addre sses, so if you p ...

  • Cisco Systems IPS4520K9 - page 326

    E-20 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting Exter nal Product Interf aces ----- MainApp N-2007_JUN_19_16_45 (Release) 2007-06-19T17:10:20-0500 Running AnalysisEngine N-2007_JUN_19_16_45 (Release) 2007-06-19T17:10:20-0500 Not Running CLI N-2007 ...

  • Cisco Systems IPS4520K9 - page 327

    E-21 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance • Y ou ca n configure a maximu m of two external produc t de vices. For More Informatio n • For more information on working with OS maps and identifications, refer to Adding, ...

  • Cisco Systems IPS4520K9 - page 328

    E-22 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance The Applian ce and Jumbo P acket Fram e Size For IPS standalone applianc es with 1 G and 1 0 G fixed or add -on interface s, the maximum ju mbo fram e size is 9216 bytes. Note A jumbo ...

  • Cisco Systems IPS4520K9 - page 329

    E-23 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance • Check an y in terlock or interco nnect indi cator s that indicate a compon ent is not co nnecte d proper ly . • If pr oblems co ntinue , remo v e and re inst all each d ev ...

  • Cisco Systems IPS4520K9 - page 330

    E-24 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance Cannot Access the Sensor CLI Through Telnet or SSH If you ca nnot access the se nsor CLI throug h T elnet (if you already h av e it enabled) or SSH, follow these steps: Step 1 Log in t ...

  • Cisco Systems IPS4520K9 - page 331

    E-25 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance At any point you may enter a question mark '?' for help. User ctrl-c to abort configuration dialog at any prompt. Default settings are in square brackets '[]' ...

  • Cisco Systems IPS4520K9 - page 332

    E-26 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance For More Informatio n • For th e proc edures for changing the IP ad dress, changi ng the a ccess list, and enabling and di sablin g T el net , refer t o Co nfi guring N etwork Settin ...

  • Cisco Systems IPS4520K9 - page 333

    E-27 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance T o verify th at the sensor in question does not have an IP address con flict with another host on the network, follo w these steps: Step 1 Log in to the CLI. Step 2 Determine wh ...

  • Cisco Systems IPS4520K9 - page 334

    E-28 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance For More Informatio n • T o ma ke sure the sensor cabling is correc t, refe r to the chapter fo r your sensor in this d ocument. • For the p rocedur e for ma king sur e the IP addr ...

  • Cisco Systems IPS4520K9 - page 335

    E-29 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance 6-0600 Upgrade History: IPS-K9-7.1-3-E4 00:30:07 UTC Wed Nov 16 2011 Recovery Partition Version 1.1 - 7.1(3)E4 Host Certificate Valid from: 16-Nov-2011 to 16-Nov-2013 sensor# Ste ...

  • Cisco Systems IPS4520K9 - page 336

    E-30 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance Total Bytes Received = 0 Missed Packet Percentage = 0 Current Bypass Mode = Auto_off MAC statistics from interface GigabitEthernet0/1 Media Type = backplane Missed Packet Percentage = ...

  • Cisco Systems IPS4520K9 - page 337

    E-31 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance For More Informatio n • For the proced ure for pr operly installing th e sensing inter face on your se nsor , refer to the chapter on your appliance in this document. • For t ...

  • Cisco Systems IPS4520K9 - page 338

    E-32 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance Step 4 Make sure the sensor is seeing packets. sensor# show interfaces FastEthernet0/1 MAC statistics from interface FastEthernet0/1 Media Type = backplane Missed Packet Percentage = 0 ...

  • Cisco Systems IPS4520K9 - page 339

    E-33 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance Pair Status = N/A Link Status = Down Link Speed = Auto_1000 Link Duplex = Auto_Full Total Packets Received = 0 Total Bytes Received = 0 Total Multicast Packets Received = 0 Total ...

  • Cisco Systems IPS4520K9 - page 340

    E-34 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance Total Jumbo Packets Received = 0 Total Undersize Packets Received = 0 Total Receive Errors = 0 Total Receive FIFO Overruns = 0 Total Packets Transmitted = 0 Total Bytes Transmitted = 0 ...

  • Cisco Systems IPS4520K9 - page 341

    E-35 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance For More Informatio n For more informa tion on IPS syst em architectu re, refe r to System Architect ure. Blocking This sectio n provides troubleshooting he lp for blocki ng an d ...

  • Cisco Systems IPS4520K9 - page 342

    E-36 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance Verifying ARC is Running Note The CLI output is an example of wh at your configuration may look like. It will not ma tch exactly due to the optional setup ch oices, sensor mode l, and ...

  • Cisco Systems IPS4520K9 - page 343

    E-37 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance For More Informatio n For more informa tion on IPS syst em architectu re, refe r to System Architect ure. Verifying ARC Conne ctions are Active If the State is not Active in the ...

  • Cisco Systems IPS4520K9 - page 344

    E-38 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance Sensor up-time is 13 days. Using 4395M out of 5839M bytes of available memory (75% usage) system is using 26.2M out of 160.0M bytes of available disk space (16% usage) application-data ...

  • Cisco Systems IPS4520K9 - page 345

    E-39 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance Device Access Issues The ARC may not be able to acc ess the de vices it is managing. Make sure the yo u have the correct IP address and us ername a nd passwo rd for th e mana ged ...

  • Cisco Systems IPS4520K9 - page 346

    E-40 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance profile-name: r7200 block-interfaces (min: 0, max: 100, current: 1) ----------------------------------------------- interface-name: fa0/0 direction: in -------------------------------- ...

  • Cisco Systems IPS4520K9 - page 347

    E-41 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance Step 5 T elnet to th e rout er and v erify that a den y entr y fo r the blocked ad dress exists in th e router ACL. Refer to the rou ter do cumenta tion for the proc edure. Step ...

  • Cisco Systems IPS4520K9 - page 348

    E-42 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance default-signatures-only ----------------------------------------------- specify-service-ports ----------------------------------------------- no --------------------------------------- ...

  • Cisco Systems IPS4520K9 - page 349

    E-43 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance Step 4 Initiate a manua l block to a bogu s host IP add ress to make sure the master blocking se nsor is initiating blocks. sensor# configure terminal sensor(config)# service net ...

  • Cisco Systems IPS4520K9 - page 350

    E-44 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance Logging T A C may suggest that you turn on debug logging for troublesh ooting pu rposes. L ogger con trols wh at log messages are generated by each applica tion by controlling the logg ...

  • Cisco Systems IPS4520K9 - page 351

    E-45 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance Step 9 T urn on ind i vidual zone cont rol. sensor(config-log-mas)# individual-zone-control true sensor(config-log-mas)# show settings master-control ---------------------------- ...

  • Cisco Systems IPS4520K9 - page 352

    E-46 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance zone-name: tls severity: warning <defaulted> ----------------------------------------------- sensor(config-log)# Step 12 Change the sev erity lev el (d eb ug, timing , warning, o ...

  • Cisco Systems IPS4520K9 - page 353

    E-47 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance sensor(config-log)# show settings master-control ----------------------------------------------- enable-debug: true default: false individual-zone-control: true default: false -- ...

  • Cisco Systems IPS4520K9 - page 354

    E-48 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance For More Informatio n For a list of wha t each zone n ame refers t o, see Zone Names, page E -48 . Zone Names Ta b l e E - 2 lists the debug logger zone na mes: For More Informatio n T ...

  • Cisco Systems IPS4520K9 - page 355

    E-49 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance Directing cidLog Messages to SysLog It might be useful to direct cidLog messages to syslog. T o d irect cidL og messages to syslog, follow these steps: Step 1 Go to the idsRoot/e ...

  • Cisco Systems IPS4520K9 - page 356

    E-50 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance TCP Rese t Not Occurring for a S ignature If you do not hav e the event action set to rese t, the TCP reset do es not oc cur for a specific signa ture. Note TCP Resets are not supporte ...

  • Cisco Systems IPS4520K9 - page 357

    E-51 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance appInstanceId: 1004 signature: sigId=20000 sigName=STRING.TCP subSigId=0 version=Unknown addr: locality=OUT 172.16.171.19 port: 32771 victim: addr: locality=OUT 172.16.171.13 por ...

  • Cisco Systems IPS4520K9 - page 358

    E-52 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the Appl iance For More Informatio n • For more information on runn ing th e se tup comman d, see Appendix B, “Initializing t he Sensor . ” • For more information on reim aging y our senso r ...

  • Cisco Systems IPS4520K9 - page 359

    E-53 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoot ing the App liance to do wnlo ad the ch osen pack age fro m a Cisc o fil e serv er . The IP addres s may ch ange f or the Cis co file server , b ut you can find it in the lastDo wnloadAttempt secti ...

  • Cisco Systems IPS4520K9 - page 360

    E-54 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the IDM Step 8 Upgrad e the sensor . sensor(config)# upgrade scp://service @ s ensor_ip _addres s/ upgrade / ips_package_ file_n ame Enter password: ***** Re-enter password: ***** For More Informatio ...

  • Cisco Systems IPS4520K9 - page 361

    E-55 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troubl eshoo ting the I DM d. Click the Cache tab . e. Click Clear . Step 3 If you hav e Jav a Plug-in 1.4. x installed: a. Click Start > Settings > Contr ol Panel > J ava Plug-in 1.4.x . b. Click the A ...

  • Cisco Systems IPS4520K9 - page 362

    E-56 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the IME telnet-option enabled access-list 0.0.0.0/0 ftp-timeout 300 no login-banner-text exit time-zone-settings offset 0 standard-time-zone-name UTC exit summertime-option disabled ntp-option disabl ...

  • Cisco Systems IPS4520K9 - page 363

    E-57 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troublesh ooting the ASA 5500 AIP SSM Time Sync hron izat ion o n th e IME a nd th e Sens or Sympto m The I ME d ispl ays No Data A vailab le on the Events dashb oard. A historical query does no t return an y e ...

  • Cisco Systems IPS4520K9 - page 364

    E-58 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the ASA 5 500 AIP SSM • The A SA 550 0 AIP SSM and Ju mbo Packets, pa ge E- 62 • TCP Reset Diff erences B etween IPS Applia nces and ASA IPS Mo dules, pa ge E-62 Health and S tatus Information T ...

  • Cisco Systems IPS4520K9 - page 365

    E-59 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troublesh ooting the ASA 5500 AIP SSM 1 Up asa(config)# If you hav e problems with reima ging the ASA 550 0 AIP SSM, use the debug module-boot comman d to see the output as the module boo ts. Make sure you hav e ...

  • Cisco Systems IPS4520K9 - page 366

    E-60 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the ASA 5 500 AIP SSM Failover Sce narios The follo wing failo ver sc enarios apply to the ASA in the e vent of configuration changes, signature/signatur e engine update s, service pac ks, and Sensor ...

  • Cisco Systems IPS4520K9 - page 367

    E-61 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troublesh ooting the ASA 5500 AIP SSM failover failover lan unit secondary failover lan interface folink GigabitEthernet0/7 failover interface ip folink 172.27.48.1 255.255.255.0 standby 172.27.48.2 The ASA 55 0 ...

  • Cisco Systems IPS4520K9 - page 368

    E-62 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubles hooting the ASA 5 500 AIP SSM The ASA 55 00 AIP SSM a nd the Data P lane Sympto m The A SA 5500 A IP SSM da ta plan e is kept in the Up sta te whil e applyi ng sign ature upd ates. Y o u can chec k the AS A ...

  • Cisco Systems IPS4520K9 - page 369

    E-63 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troublesho oting the ASA 5500- X IPS SSP Troubleshooting the ASA 5500-X IPS SSP Note Before troubleshooting the ASA 5500-X IPS SSP, check the Ca v eats section of the Readme for the software version installed on ...

  • Cisco Systems IPS4520K9 - page 370

    E-64 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubleshoot ing the ASA 550 0-X IPS SSP Two ASA 5500-X s in Fail- Close Mode • If the ASAs are conf igured in fail-close mode , and if the ASA 5500-X IPS SSP on the acti v e ASA experien ces a configuration c hang ...

  • Cisco Systems IPS4520K9 - page 371

    E-65 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troublesho oting the ASA 5500- X IPS SSP The output shows that the ASA 5500-X IPS SSP is up. If the status r eads Down , you can reset it using the sw-module module 1 reset comm and. If you have problems with re ...

  • Cisco Systems IPS4520K9 - page 372

    E-66 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubleshoot ing the ASA 550 0-X IPS SSP Mod-ips 266> DMI 2.4 present. Mod-ips 267> last_pfn = 0x201400 max_arch_pfn = 0x100000000 Mod-ips 268> last_pfn = 0xdfffd max_arch_pfn = 0x100000000 Mod-ips 269> i ...

  • Cisco Systems IPS4520K9 - page 373

    E-67 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troublesho oting the ASA 5500- X IPS SSP Mod-ips 328> hugetlb_lowmem_setup: Allocated 2097152 huge pages (size=0x200000) from lowmem are Mod-ips 329> a at 0xffff88002ee00000 phys addr 0x000000002ee00000 Mo ...

  • Cisco Systems IPS4520K9 - page 374

    E-68 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubleshoot ing the ASA 550 0-X IPS SSP Mod-ips 384> CPU: L2 cache: 4096K Mod-ips 385> CPU 4/0x4 -> Node 0 Mod-ips 386> CPU4: Intel QEMU Virtual CPU version 0.12.5 stepping 03 Mod-ips 387> Booting pro ...

  • Cisco Systems IPS4520K9 - page 375

    E-69 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troublesho oting the ASA 5500- X IPS SSP Mod-ips 446> pci 0000:00:01.0: Activating ISA DMA hang workarounds Mod-ips 447> pci_hotplug: PCI Hot Plug PCI Core version: 0.5 Mod-ips 448> pciehp: PCI Express ...

  • Cisco Systems IPS4520K9 - page 376

    E-70 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubleshoot ing the ASA 550 0-X IPS SSP Mod-ips 510> serial8250: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A Mod-ips 511> 00:06: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A Mod-ips 512> 00:07: ttyS1 at I/O 0x2f8 ...

  • Cisco Systems IPS4520K9 - page 377

    E-71 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troublesho oting the ASA 5500- X IPS SSP Mod-ips 571> 51216 blocks Mod-ips 572> Checking rootrw fs: corrected filesystem Mod-ips 573> kjournald starting. Commit interval 5 seconds Mod-ips 574> EXT3 F ...

  • Cisco Systems IPS4520K9 - page 378

    E-72 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubleshoot ing the ASA 550 0-X IPS SSP Mod-ips 633> Starting CIDS: Mod-ips 634> starting pid 1718, tty '/dev/ttyS0': '/sbin/getty -L ttyS0 9600 vt100' The ASA 55 00-X IPS S SP and the Norm ...

  • Cisco Systems IPS4520K9 - page 379

    E-73 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troublesho oting the ASA 5500- X IPS SSP The ASA 55 00-X IPS S SP and Memory Usag e For the ASA 55 00-X IPS SSP , th e memo ry usage is 93%. The default hea lth thresholds for the sens or are 80% for ye llow and ...

  • Cisco Systems IPS4520K9 - page 380

    E-74 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubleshoot ing the ASA 558 5-X IPS SSP TCP Rese t Differences Between IP S Appliance s and ASA IPS Modules The IPS applianc e sends TCP rese t packets to both the attack er and vi ctim when Reset TCP Conne ction is ...

  • Cisco Systems IPS4520K9 - page 381

    E-75 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troublesho oting the ASA 5585- X IPS SSP • If the ASA is configured in fail-open mode f or the ASA 5 585-X I PS SSP, and the ASA 5585-X IPS SSP e xperiences a SensorApp crash or a service pack upgrade, traff i ...

  • Cisco Systems IPS4520K9 - page 382

    E-76 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubleshoot ing the ASA 558 5-X IPS SSP Traffic Flow S topped on IPS Switchp orts Problem T raf fic on a ny port located on the ASA 5585-X IPS SSP (1/x) no longer passes through the adaptive security ap pliance when ...

  • Cisco Systems IPS4520K9 - page 383

    E-77 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troublesho oting the ASA 5585- X IPS SSP App. Status: Not Applicable App. Status Desc: Not Applicable App. version: 7.1(1)E4 Data plane Status: Not Applicable Status: Shutting Down asa# show module 1 details Get ...

  • Cisco Systems IPS4520K9 - page 384

    E-78 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Troubleshoot ing the ASA 558 5-X IPS SSP Firmware version: 2.0(7)0 Software version: 7.1(1)E4 MAC Address Range: 5475.d029.7f9c to 5475.d029.7fa7 App. name: IPS App. Status: Up App. Status Desc: Normal Operation App. ...

  • Cisco Systems IPS4520K9 - page 385

    E-79 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Troublesho oting the ASA 5585- X IPS SSP Slot-1 167> SERVER=192.0.2.15 Slot-1 168> GATEWAY=192.0.2.254 Slot-1 169> PORT=GigabitEthernet0/0 Slot-1 170> VLAN=untagged Slot-1 171> IMAGE=IPS-SSP_10-K9 ...

  • Cisco Systems IPS4520K9 - page 386

    E-80 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Gath erin g Info rmat ion For More Informatio n For deta iled informat ion about the Normaliz er engine, see Normalizer Engine . The AS A 5585-X IPS SSP and Jumb o Packet F rame S ize Refer to the following URL for i ...

  • Cisco Systems IPS4520K9 - page 387

    E-81 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Gathering Information This section contains the following topics: • Health and Network Security Information, page E-81 • T ech Support Inf ormation, pa ge E-82 • V ersio n Inform ation, page E -85 • Stat ...

  • Cisco Systems IPS4520K9 - page 388

    E-82 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Gath erin g Info rmat ion Tech Sup port Information The show tech -supp ort command is useful fo r capturing all sensor status and con f iguratio n information . This section describes the show tech-support command , ...

  • Cisco Systems IPS4520K9 - page 389

    E-83 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Gathering Information Step 3 T o s end the output (in HTML format) to a file: a. Enter the following c ommand, follo wed by a v alid destinat ion. The password: prompt a ppears. sensor# show tech-support destina ...

  • Cisco Systems IPS4520K9 - page 390

    E-84 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Gath erin g Info rmat ion 6-0600 Running CLI S-2011_NOV_16_00_20_7_1_3_46 (Release) 2011-11-16T00:23:0 6-0600 Upgrade History: IPS-K9-7.1-3-E4 00:30:07 UTC Wed Nov 16 2011 Recovery Partition Version 1.1 - 7.1(3)E4 Ho ...

  • Cisco Systems IPS4520K9 - page 391

    E-85 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Gathering Information Total Transmit Errors = 0 Total Transmit FIFO Overruns = 0 MAC statistics from interface Management0/1 Interface function = Reserved for future use Output from show statistics authenticatio ...

  • Cisco Systems IPS4520K9 - page 392

    E-86 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Gath erin g Info rmat ion Understanding the show version Command The sh ow ve rsi o n command s ho ws t he basic sens or info rmation and can indicate where a f ailure is occurr ing. It giv es the follo wing informa ...

  • Cisco Systems IPS4520K9 - page 393

    E-87 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Gathering Information Upgrade History: IPS-K9-7.1-3-E4 00:30:07 UTC Wed Nov 16 2011 Recovery Partition Version 1.1 - 7.1(3)E4 Host Certificate Valid from: 16-Nov-2011 to 16-Nov-2013 sensor# Note If the —-MORE- ...

  • Cisco Systems IPS4520K9 - page 394

    E-88 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Gath erin g Info rmat ion ! ------------------------------ service trusted-certificates exit ! ------------------------------ service web-server exit ! ------------------------------ service anomaly-detection ad0 exi ...

  • Cisco Systems IPS4520K9 - page 395

    E-89 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Gathering Information • T ransa ction Sou rce • V irtua l Sensor • We b S e r v e r Displayin g Statistics Use the show statistics [analysis-engine | anomaly-d etection | authe ntica tion | denied-attacker ...

  • Cisco Systems IPS4520K9 - page 396

    E-90 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Gath erin g Info rmat ion The Signature Database Statistics. Total nodes active = 0 TCP nodes keyed on both IP addresses and both ports = 0 UDP nodes keyed on both IP addresses and both ports = 0 IP nodes keyed on bo ...

  • Cisco Systems IPS4520K9 - page 397

    E-91 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Gathering Information SimulatedDenyFilterRuleMatch = 0 TcpDeniesDueToGlobalCorrelation = 0 TcpDeniesDueToOverride = 0 TcpDeniesDueToOverlap = 0 TcpDeniesDueToOther = 0 SimulatedTcpDeniesDueToGlobalCorrelation = ...

  • Cisco Systems IPS4520K9 - page 398

    E-92 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Gath erin g Info rmat ion No attack Detection - ON Learning - ON Next KB rotation at 10:00:00 UTC Sat Jan 18 2008 Internal Zone TCP Protocol UDP Protocol Other Protocol External Zone TCP Protocol UDP Protocol Other P ...

  • Cisco Systems IPS4520K9 - page 399

    E-93 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Gathering Information The number of times the event store circular buffer has wrapped = 0 Number of events of each type currently stored Status events = 4257 Shun request events = 0 Error events, warning = 669 E ...

  • Cisco Systems IPS4520K9 - page 400

    E-94 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Gath erin g Info rmat ion Command Control Port Device = Management0/0 Network Statistics = ma0_0 Link encap:Ethernet HWaddr 00:04:23:D5:A1:8D = inet addr:10.89.130.98 Bcast:10.89.131.255 Mask:255.255.254.0 = UP BROAD ...

  • Cisco Systems IPS4520K9 - page 401

    E-95 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Gathering Information BlockMaxEntries = 11 MaxDeviceInterfaces = 250 NetDevice Type = PIX IP = 10.89.150.171 NATAddr = 0.0.0.0 Communications = ssh-3des NetDevice Type = PIX IP = 192.0.2.4 NATAddr = 0.0.0.0 Comm ...

  • Cisco Systems IPS4520K9 - page 402

    E-96 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Gath erin g Info rmat ion AclSupport = uses Named ACLs Version = 12.2 State = Active NetDevice IP = 192.0.2.10 AclSupport = Uses VACLs Version = 8.4 State = Active BlockedAddr Host IP = 203.0.113.1 Vlan = ActualIp = ...

  • Cisco Systems IPS4520K9 - page 403

    E-97 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Gathering Information Step 15 Display the statistics for the transacti on server . sensor# show statistics transaction-server General totalControlTransactions = 35 failedControlTransactions = 0 sensor# Step 16 D ...

  • Cisco Systems IPS4520K9 - page 404

    E-98 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Gath erin g Info rmat ion Number of exec Clear commands during uptime = 0 Denied Attackers and hit count for each. Denied Attackers with percent denied and hit count for each. The Signature Database Statistics. The N ...

  • Cisco Systems IPS4520K9 - page 405

    E-99 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Gathering Information TCP Packets currently queued for reassembly = 0 Cumulative Statistics for the TCP Stream Reassembly Unit since reset TCP streams that have been tracked since last reset = 0 TCP streams that ...

  • Cisco Systems IPS4520K9 - page 406

    E-100 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Gath erin g Info rmat ion Fatal Severity = 0 Error Severity = 14 Warning Severity = 1 Timing Severity = 0 Debug Severity = 0 Unknown Severity = 28 TOTAL = 43 Step 19 V erify that the statistic s hav e been clear ed. ...

  • Cisco Systems IPS4520K9 - page 407

    E-101 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Gathering Information Interfaces Command Output The following exampl e sh o w s the outpu t from the show interfaces command: sensor# show interfaces Interface Statistics Total Packets Received = 0 Total Bytes ...

  • Cisco Systems IPS4520K9 - page 408

    E-102 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Gath erin g Info rmat ion • Displaying Ev ents, page E-102 • Clearing E vents, page E -105 Sensor Events Ther e are fiv e types of events: • e vAlert—Intrusion detection alerts • e vEr ror—A pplicati on ...

  • Cisco Systems IPS4520K9 - page 409

    E-103 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Gathering Information The following options ap ply: • alert —Displays alerts. Provides notif ication of some su spicious a ctivity that ma y indicat e an attac k is in process or has been attemp ted. Alert ...

  • Cisco Systems IPS4520K9 - page 410

    E-104 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Gath erin g Info rmat ion Step 3 Dis play th e bloc k requ ests beg inni ng at 10: 00 a.m . on Febr uar y 9, 201 1. sensor# show events NAC 10:00:00 Feb 9 2011 evShunRqst: eventId=1106837332219222281 vendor=Cisco or ...

  • Cisco Systems IPS4520K9 - page 411

    E-105 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix E Troubleshooting Gathering Information originator: hostId: sensor appName: mainApp appInstanceId: 2215 time: 2011/01/08 02:41:00 2011/01/08 02:41:00 UTC controlTransaction: command=getVersion successful=true description: Contro ...

  • Cisco Systems IPS4520K9 - page 412

    E-106 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendi x E Troubl eshoot ing Gath erin g Info rmat ion Step 3 Enter the follo wing command. /usr/cids/idsRoot/bin/cidDump Step 4 Enter the followi ng command to compress the resu lt ing /u sr /cid s/ ids Roo t /log/cidDum p.html file. gzip /usr ...

  • Cisco Systems IPS4520K9 - page 413

    F-1 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 APPENDIX F Cable Pinouts Contents This append ix descri bes pi nout i nformation for 10 /1 00 / 100 0 Ba se T , console, an d RJ 45 to DB 9 port s, and the M GM T 10 /100 Ethe rne t po rt. I t c o n t a i n s th e f o l low i n g t o p ic s ...

  • Cisco Systems IPS4520K9 - page 414

    F-2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix F Cable Pin outs Console Port (RJ -45) Figure F-2 shows the 10/100/1 000BaseT (RJ-4 5) port pinouts. Figur e F -2 1 0/1 00/1 00 0 P ort Pinouts Console Port (RJ-45) Figure F-3 sho ws the RJ 45 ca ble. Figur e F -3 RJ-45 Cable T o id entif ...

  • Cisco Systems IPS4520K9 - page 415

    F-3 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Append ix F Cable Pinouts RJ-45 to DB-9 or DB-25 Exam ine the sequen ce of co lored wi res t o determ ine th e type of RJ -45 cabl e, as follows: • Straigh t-thro ugh—The colo red wires are in the same sequence at both ends of the cable ...

  • Cisco Systems IPS4520K9 - page 416

    F-4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 Appendix F Cable Pin outs RJ-45 to DB-9 or DB-25 ...

  • Cisco Systems IPS4520K9 - page 417

    GL-1 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 GLOSSARY Revised: July 16 , 2012 Numerals 3DES T riple Data Encryption Standard. A stronger ver sio n of DES, which is the default encryption method for SSH version 1.5. Used when e stablishing a n SSH session w ith the sensor . It can be ...

  • Cisco Systems IPS4520K9 - page 418

    Glos sary GL-2 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 ASA 5500 AIP SSM Adv ance d Inspect ion and Pre v ention Security Ser vices Modu le. The IPS p lug-in module in the Cisco ASA 5500 series adapti ve security appliance. The ASA 55 00 AIP SSM is an IPS services module that monitors and pe ...

  • Cisco Systems IPS4520K9 - page 419

    Glossary GL-3 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 arch itect ure The o v eral l stru cture o f a co mputer or c ommunica tion s ystem . The architec ture in flue nces the capabilities and limitations of the syst em. ARP Address Resolution Protocol. Internet protocol used to ma p ...

  • Cisco Systems IPS4520K9 - page 420

    Glos sary GL-4 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 B backpla ne The physica l connection betw een an interface pro cessor or card and the da ta buses and the power dis- tribution b uses inside a chassis. base ve rsion A softw are rel ease that must be installed befor e a follo w- up rel ...

  • Cisco Systems IPS4520K9 - page 421

    Glossary GL-5 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 certificate Digit al re prese nta tion o f user o r de vi ce attrib utes, including a public key , that is signed with an author itat i ve priv ate key . cidDump A scrip t that captu res a lar ge am ount of information including t ...

  • Cisco Systems IPS4520K9 - page 422

    Glos sary GL-6 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 cookie A piece of inform ation sen t by a web serve r to a web bro ws er that the bro wser is exp ected to sa v e and send b ack to the we b ser ver whene v er th e bro wser mak es addit ional reque sts of the web serv er . CSA MC Cisco ...

  • Cisco Systems IPS4520K9 - page 423

    Glossary GL-7 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 DES Data En crypti on S tanda rd. A stron g encry ption meth od where the strength lies in a 56-bit key rather than an algorithm. destination address Address of a n etwork device that is receiving data . DIMM Dual In-line Memory M ...

  • Cisco Systems IPS4520K9 - page 424

    Glos sary GL-8 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 F fail clos ed Blocks traffi c on the device after a hardware failure. fail open Lets traf f ic pass through the d e vice after a hardware failure. false ne gative A signatur e is not fired when offending traffic is detec ted. false pos ...

  • Cisco Systems IPS4520K9 - page 425

    Glossary GL-9 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 FQDN Fully Qualif ied Domain Name.A doma in name that specifies its e xact loca tion in th e tree h ierarch y of the DNS. It specif ies all domain lev els, including th e top-le vel domain, relati ve to the root d omain. A fully q ...

  • Cisco Systems IPS4520K9 - page 426

    Glos sary GL-10 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 hardwa re bypass A specialized interf ace card that pairs physical inte r faces so that when a softw are err or is detected, a bypass mechan ism is e ngaged tha t directly connec ts the physical interfaces and allo ws traf fic to flo w ...

  • Cisco Systems IPS4520K9 - page 427

    Glossary GL-11 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 InterfaceApp A component of the IPS. Handles bypass and physical settings and defines paired interface s. Physical settings are speed, d uplex, and administra ti ve state. intrusion de tection system IDS. A security serv ice that ...

  • Cisco Systems IPS4520K9 - page 428

    Glos sary GL-12 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 KB Knowledge Base. The sets of thresholds learned by Anom aly Detection and used for worm virus detection. Knowledge Base See KB. L LACP Link Aggregation Control Protoc ol . LA CP aids in the au tomatic crea tion of EtherChannel links ...

  • Cisco Systems IPS4520K9 - page 429

    Glossary GL-13 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 MD5 Message D igest 5. A one- way hashing algorith m that pro duces a 1 28-bit hash . Both MD5 and Secure Hash Algori thm (SH A) are variat ions on MD4 an d streng then th e secu rity o f the MD4 hash ing algo rit hm. C isc o use ...

  • Cisco Systems IPS4520K9 - page 430

    Glos sary GL-14 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 NBD Nex t Bus iness D ay . The arri val of repl acemen t hard ware acco rding to Cisc o ser vice co ntra cts. Neighborh ood Disco very Protocol fo r IPv6. IPv6 node s on the same link use Neighbo r Discovery to discov er each other’ ...

  • Cisco Systems IPS4520K9 - page 431

    Glossary GL-15 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 O OIR online insertion and remov al. Feature that permits you to add, repla ce, or remove cards without interrupting the system po wer, entering console c o mman ds, or cau sing other software o r interface s to shut do wn. OPS O ...

  • Cisco Systems IPS4520K9 - page 432

    Glos sary GL-16 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 PER packed enc oding rules. Instead of using a generic st yle of en coding that enc odes al l types in a u nifor m way , PER speciali zes the enco ding base d on the da te type to gene rate mu ch more com pact representations. PFC Poli ...

  • Cisco Systems IPS4520K9 - page 433

    Glossary GL-17 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 RAM random- access memo ry . V olatile memor y that can be read an d written by a microproce ssor . RAS Registration, Admission , and Status Protocol. Pr otocol that is used betwe en endpoints and the gatekeeper to perform m anag ...

  • Cisco Systems IPS4520K9 - page 434

    Glos sary GL-18 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 RTP Real-Time T ransport Pro tocol. Commonly used w ith IP networ ks. R T P is designed to provide end-to-end network transport functions for a pplica tions transmitting real-ti me data, such as audio, video, or simulation data, ov er ...

  • Cisco Systems IPS4520K9 - page 435

    Glossary GL-19 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 sessi on comm and Comman d used on routers an d switche s to pro vide eith er T elnet or console acc ess to a mod ule in the router o r switch. SFP Small Form-factor Pluggable. O ften refers to a fiber optic transcei ve r that ad ...

  • Cisco Systems IPS4520K9 - page 436

    Glos sary GL-20 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 SN Serial Number . Part of the UDI . The SN is the ser ial numb er of y our Cisco product. SNAP Subnetwork Acce ss Protocol. Internet protocol that operates between a network entity in the subnetwork a nd a network e ntity in the end s ...

  • Cisco Systems IPS4520K9 - page 437

    Glossary GL-21 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 subsigna ture A more granular representa tion of a gene ral sign atur e. It typically fu rther de fi nes a broad s cope signature. surfac e mounting Refers to at taching rubber feet to the bottom of a sens or when it is installed ...

  • Cisco Systems IPS4520K9 - page 438

    Glos sary GL-22 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 TFTP T ri vial File T ransfer Protocol. Simplif ied vers ion of FTP that lets f iles be transferred from one comp uter to an other over a ne twork, us ually without the use of client authentic ation (for exam ple, usernam e and passwor ...

  • Cisco Systems IPS4520K9 - page 439

    Glossary GL-23 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 U UDI Unique De vice Identif ier . Provides a unique identity for e v ery Cisco product. The UDI is composed of the PI D, VID, and SN. The UD I is st ored i n the Ci sco IPS ID PR OM. UDLD UniDirectional Link Detection. Cisco pro ...

  • Cisco Systems IPS4520K9 - page 440

    Glos sary GL-24 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 viru s Hidd en, s elf-r eplic atin g sect ion o f co mputer soft ware, u suall y m alic ious logic, that pro pagates by infecting—that is, inserting a cop y of itself into and becoming par t of—another pro gram. A viru s cannot run ...

  • Cisco Systems IPS4520K9 - page 441

    Glossary GL-25 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llati on Guide fo r IPS 7.1 OL-24002-01 Wireshark W ireshark is a free network protoco l analyzer fo r UNIX and Windo ws. It lets you examine da ta from a li ve network or from a capture f ile on disk . Y o u can in teractiv ely browse the captu re data, vie wing summa ...

  • Cisco Systems IPS4520K9 - page 442

    Glos sary GL-26 Cisco Intrusion Prevention System Appliance and Mo dule Installation Guide for IPS 7.1 OL-24002-01 ...

  • Cisco Systems IPS4520K9 - page 443

    IN-1 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 INDEX Numerics 10BaseT cable pinouts appliance F-1 ASA 558 5-X F-1 2SX card describe d 4-3, 5-4 illustration 4-4, 5-5 4GE bypa ss interface card configura tion restrictions 4-5, 5-6 describe d 4-3, 4-5, 5-4, 5-6 illustration 4-3, 5-4 802.1 ...

  • Cisco Systems IPS4520K9 - page 444

    Index IN-2 Cisco I ntrusio n Prevent ion System Applianc e and Mod ule Instal latio n Guide fo r IPS 7.1 OL-24002-01 applying softwar e update s E-52 ARC blocking no t occurring for signatu re E-41 device acces s issues E-39 enab ling SSH E-41 inactive s tate E-37 misconfigur ed mast e r blocking sensor E-42 troubleshooting E-35 verifying de vice i ...

  • Cisco Systems IPS4520K9 - page 445

    Index IN-3 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 ASA 5585-X SSP-40 with I PS SSP-40 describe d 9-3 memory re quirem ents 9-8 ASA 5585-X SSP-60 with I PS SSP-60 describe d 9-3 memory re quirem ents 9-8 ASA IPS modules jumbo pa cket coun t E-62, E-73, E-80 ASDM re setting passwords E ...

  • Cisco Systems IPS4520K9 - page 446

    Index IN-4 Cisco I ntrusio n Prevent ion System Applianc e and Mod ule Instal latio n Guide fo r IPS 7.1 OL-24002-01 copy lic ense-k ey C-12 debug m odule-b oot E-59 downgra de D-10 eras e lice nse -key C-15 hw-modu le module 1 reset E-58 hw-modu le module slo t_numbe r password- reset E-11 setup B-1, B-4, B-8, B -13, B-17, B-21 show ev ents E-102 ...

  • Cisco Systems IPS4520K9 - page 447

    Index IN-5 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 E electrical saf ety guidelines 2-3 enablin g debug logging E-44 Encr yption Softwa re Exp ort Distribution Authorization form crypto graphic ac count C-2 describe d C-2 eras e lice nse-ke y comm and C-15 errors ( Analysis E ngine) E ...

  • Cisco Systems IPS4520K9 - page 448

    Index IN-6 Cisco I ntrusio n Prevent ion System Applianc e and Mod ule Instal latio n Guide fo r IPS 7.1 OL-24002-01 IPS 4270-20 5-6 link status chan ges and drops 4-6, 5-7, E-22 proper co nfigurat ion 4-6, 5-7, E-22 supported co nfigurations 4-5, 5-6 with soft ware bypass 4-5, 5-6 health status display E-81 HTTP/HTTPS serve rs supported D-2 hw-mod ...

  • Cisco Systems IPS4520K9 - page 449

    Index IN-7 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 comm and and control 1-5 configura tion restrictions 1-12 describe d 1-4 port numb ers 1-4 sensing 1-5, 1-6 slot numbers 1-4 support (table) 1-6 TCP re set 1-11 internal health informatio n in the Diagnostic Panel 5-42 introducing AS ...

  • Cisco Systems IPS4520K9 - page 450

    Index IN-8 Cisco I ntrusio n Prevent ion System Applianc e and Mod ule Instal latio n Guide fo r IPS 7.1 OL-24002-01 power supply 4-23 interface naming c onventions 4-4 network ports 4-2 password recovery E-8 perform ance 4-2 power supplies 4-2 power supply indi cators 4-9 rack m ountin g 4-post 4-11 rack-m ountin g 2-post 4-14 removing interface c ...

  • Cisco Systems IPS4520K9 - page 451

    Index IN-9 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 front panel (llustration) 6-5 front panel indicators described 6-6 indicators 6-6 installation 6-12 installing sy stem image D-16 packing box contents 6-4 password recovery E-8 power supplies 6-15 power supplies (illustra tion) 6-16 ...

  • Cisco Systems IPS4520K9 - page 452

    Index IN- 10 Cisco I ntrusio n Prevent ion System Applianc e and Mod ule Instal latio n Guide fo r IPS 7.1 OL-24002-01 removing co re IPS SSP 7-14 SFP ports 7-12 shutting down 7-14 slide rail kit hardware installa tion 7-19 specifi cations 7-8 supported SFP+ modules 7-11, 9-9 supported SFP modules 7-11, 9-9 SwitchApp 7-34 IPS 4520 back pa nel feat ...

  • Cisco Systems IPS4520K9 - page 453

    Index IN- 11 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 L licens e key installing C-12 obtaining C-9 trial C-9 uninstalling C-15 viewing status of C-9 licensi ng describe d C-9 IPS device serial number C-9 Licensing pane configuring C-10 describe d C-9 logging in appliances A-2 ASA 5500 ...

  • Cisco Systems IPS4520K9 - page 454

    Index IN- 12 Cisco I ntrusio n Prevent ion System Applianc e and Mod ule Instal latio n Guide fo r IPS 7.1 OL-24002-01 P password recovery appliances E-8 ASA 5500-X IPS SSP E-9 ASA 5585-X IPS SSP E-1 1 CLI E-13 describe d E-7 disabling E-13 displaying setting E-13 GRUB me nu E-8 IPS 4260 E-8 IPS 4270-20 E-8 IPS 4345 E-8 IPS 4360 E-8 IPS 4510 E-8 IP ...

  • Cisco Systems IPS4520K9 - page 455

    Index IN- 13 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 4-post 4-11 IPS 4270-20 ext ensio n 5-26 installation 5-18 requiremen ts 5-17 IPS 4510 7-29 IPS 4520 7-29 rack s airflow re quirements 5-17 spac e req uireme nt s 5-17 rail system maximum ra ck depth 5-17 minimum rac k depth 5-17 r ...

  • Cisco Systems IPS4520K9 - page 456

    Index IN- 14 Cisco I ntrusio n Prevent ion System Applianc e and Mod ule Instal latio n Guide fo r IPS 7.1 OL-24002-01 serial console port D-12 TFTP D-13 round-trip time. See RTT. RTT describe d D-13 TFTP limitation D-13 S scheduling au tomatic upgra des D-8 security information on Cisco Security I ntelligence Operat ions C-8 sensing interfaces Ana ...

  • Cisco Systems IPS4520K9 - page 457

    Index IN- 15 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 ASA 5500-X IPS SSP A-5 ASA 5585-X IPS SSP A-6 setting up terminal servers 1-22, A-3, D-13 setup automatic B-2 comm and B-1, B-4, B-8, B -13, B-17, B-21 simplified mode B-2 SFP+ modules describe d 7-10, 9-9 supported (table) 7-11, 9 ...

  • Cisco Systems IPS4520K9 - page 458

    Index IN- 16 Cisco I ntrusio n Prevent ion System Applianc e and Mod ule Instal latio n Guide fo r IPS 7.1 OL-24002-01 HTTP/ HTTPS s erver s D-2 SwitchApp desc ribed 7-34 Switched Port A nalyzer see S PAN swit ches and TCP re set int erfaces 1-12 sw-module m odule slot_number pa ssword-reset comm and E-9 System Configuration Dialog describe d B-2 e ...

  • Cisco Systems IPS4520K9 - page 459

    Index IN- 17 Cisco I ntrusio n Preventi on System Applianc e and Modul e Insta llation Gui de for I PS 7.1 OL-24002-01 cidLog message s to syslog E-49 communic ation E-23 corrupte d SensorApp configur ation E-3 4 debug log ger zon e names ( table) E-4 8 debug log ging E-44 Diagnostic Pan el (IPS 4270-20) 5-42 disaster re covery E-6 duplicate sen so ...

  • Cisco Systems IPS4520K9 - page 460

    Index IN- 18 Cisco I ntrusio n Prevent ion System Applianc e and Mod ule Instal latio n Guide fo r IPS 7.1 OL-24002-01 restric tions E-17 supported sen sors E-17 traff ic capture requi rement s E-1 7 VLAN gro ups 802.1q e ncapsulation 1-18 configura tion restrictions 1-14 deploying 1-18 describe d 1-18 switch es 1-18 W warnin g circ uit br eaker 6- ...

Manufacturer Cisco Systems Category Network Router

Documents that we receive from a manufacturer of a Cisco Systems IPS4520K9 can be divided into several groups. They are, among others:
- Cisco Systems technical drawings
- IPS4520K9 manuals
- Cisco Systems product data sheets
- information booklets
- or energy labels Cisco Systems IPS4520K9
All of them are important, but the most important information from the point of view of use of the device are in the user manual Cisco Systems IPS4520K9.

A group of documents referred to as user manuals is also divided into more specific types, such as: Installation manuals Cisco Systems IPS4520K9, service manual, brief instructions and user manuals Cisco Systems IPS4520K9. Depending on your needs, you should look for the document you need. In our website you can view the most popular manual of the product Cisco Systems IPS4520K9.

A complete manual for the device Cisco Systems IPS4520K9, how should it look like?
A manual, also referred to as a user manual, or simply "instructions" is a technical document designed to assist in the use Cisco Systems IPS4520K9 by users. Manuals are usually written by a technical writer, but in a language understandable to all users of Cisco Systems IPS4520K9.

A complete Cisco Systems manual, should contain several basic components. Some of them are less important, such as: cover / title page or copyright page. However, the remaining part should provide us with information that is important from the point of view of the user.

1. Preface and tips on how to use the manual Cisco Systems IPS4520K9 - At the beginning of each manual we should find clues about how to use the guidelines. It should include information about the location of the Contents of the Cisco Systems IPS4520K9, FAQ or common problems, i.e. places that are most often searched by users in each manual
2. Contents - index of all tips concerning the Cisco Systems IPS4520K9, that we can find in the current document
3. Tips how to use the basic functions of the device Cisco Systems IPS4520K9 - which should help us in our first steps of using Cisco Systems IPS4520K9
4. Troubleshooting - systematic sequence of activities that will help us diagnose and subsequently solve the most important problems with Cisco Systems IPS4520K9
5. FAQ - Frequently Asked Questions
6. Contact detailsInformation about where to look for contact to the manufacturer/service of Cisco Systems IPS4520K9 in a specific country, if it was not possible to solve the problem on our own.

Do you have a question concerning Cisco Systems IPS4520K9?

Use the form below

If you did not solve your problem by using a manual Cisco Systems IPS4520K9, ask a question using the form below. If a user had a similar problem with Cisco Systems IPS4520K9 it is likely that he will want to share the way to solve it.

Copy the text from the picture

Comments (0)