Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
993
Views
0
Helpful
5
Replies

2811 IOS IPS VMS Configuration

mschnabe
Level 1
Level 1

‎06-29-2005 06:32 AM - edited ‎03-10-2019 01:31 AM

I have several already deployed 2811 that I'd like to turn on the IPS feature. IOS firewall is already running. We also have just deployed VMS. Is there any order that need to be followed to get these into VMS. Should I import them into Router MC or IDS MC first? IDS MC documentation isnt clear to me setting up IOS IPS.

thanks in advance

Labels:
0 Helpful
5 Replies 5

didyap
Level 6
Level 6

‎07-05-2005 05:44 AM

VMS only works with 12.3.11T5 release on a 2811.

0 Helpful

d-garnett
Level 3
Level 3

‎07-07-2005 01:33 PM

No particular order (that I am aware of).

As far as Security Monitor to monitor IDS Alerts, I choose the hard way and just manually added each of our devices, tedious but all is working.

As far as Performance Monitor, I imported from RME

The bulk of our routers run 12.3(11)T and 12.3(11)T2.

We have a ton of 831's and I choose for them to send alerts via PostOffice rather than waiting for collections via SDEE because the memory in the 831's (48MB) are already just about maxed out (Regularly over 80%) just running the daily needed applications (VPN and CBAC). We have some 1700s and 2600s out in the field too that are not as taxed.

if you choose the PostOffice route (or test it out) then here are the commands and steps you need:

First add the device in Security Monitor to use PostOffice

then from the router console, ssh, etc........

ip ips notify nr-director

ip ips po max-events 100

ip ips po remote hostid [VMS Host ID#] orgid [ORG #] rmtaddress [VMS IP Address] localaddress [Router IP Address] port 45000

ip ips po local hostid [Router Host ID#] orgid [Org ID#]

exit

write mem

reload

Once you reload it will send an initial packet to VMS and the router will register as 'Connected' in Sec Monitor.

You should make sure that the 'ip ips po' commands are accepted in your IOS version

____________________________________________________

I don't know what your memory consumption is like in your 2800 Router but the config for SDEE Event Collection is much less involved. If your router has resources to spare this is the way to go.

0 Helpful

mschnabe
Level 1
Level 1
In response to d-garnett

‎07-07-2005 03:12 PM

I've upgraded to the latest T train 12.3(14)T2 PostOffice is no longer supported

We are having problems importing the 2811's into the IDS MC. We have yet to be successful

0 Helpful

mamassa
Level 1
Level 1
In response to mschnabe

‎08-18-2005 06:14 AM

That version (12.3(14)T2 had some serious issues not limited to IPS functionality - but we've been forced to migrate to 12.4(3) and have had good results.

0 Helpful

jjunior
Level 1
Level 1
In response to mamassa

‎08-22-2005 09:42 AM

Hi Matt

I saw your post about IOS-IPS with VMS 2.3. So I made the IOS upgrade to 12.4.3, but the problem still happen !

When I try to add one IOS IPS sensor I got the following error message:

Import of sensor 192.168.10.100 failed.

Error : Error importing configuration files from the sensor - Unable to get sensor version

Can you help me ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card