05-24-2010 10:49 PM - edited 03-10-2019 05:00 AM
Hi all,
I have some issues with management of an IPS-4260 appliance. I used Cisco IPS Event Viewer 5.2 but no activity was shown in it, and I cannot browse to the IPS box through HTTPS. I tried to reload the box but the issues still occurred.
Please give me an idea to check or fix this case.
Thanks!!
05-25-2010 04:29 AM
Can you access the sensor via SSH? If not, can you get a direct console connection to the sensor? If so, please ensure you have an appropriate access-list entry configured to allow your host to access the sensor.
Also, IPS Event Viewer (IEV) has been replaced by IPS Manager Express (IME). IME provides improved event monitoring for current versions of Cisco IPS software (5.1, 6.0, 6.1, 6.2, 7.0) and configuration management for IPS versions 6.1, 6.2 and 7.0. You may want to consider upgrading. You can find out more about IME by visiting:
Scott
05-25-2010 04:47 AM
Hi Scott,
Thanks for the reply.
Yes, I can shell to the box. However, I found the following when I issued 'show health':
Overall Health Status Red
Health Status for Failed Applications Green
Health Status for Signature Updates Yellow
Health Status for License Key Expiration Green
Health Status for Running in Bypass Mode Green
Health Status for Interfaces Being Down Green
Health Status for the Inspection Load Green
Health Status for the Time Since Last Event Retrieval Red
Health Status for the Number of Missed Packets Green
Health Status for the Memory Usage Not Enabled
Security Status for Virtual Sensor vs0 Green
Please clarify the status 'Red' for me. Could it be related to my issues?
05-25-2010 04:54 AM
The red status reported for "Health Status for the Time Since Last Event Retrieval" indicates an SDEE-based client (IME, CS-MARS, etc.) has not contacted the sensor to retrieve events in the configured time period. As you are running a version of IPS software that supports health metrics, you will need to use IME for your event monitoring as IEV does not support the more recent versions of IPS software.
Another cause for failed event retrieval is an expired TLS certificate on the sensor. You can check the valid date range for the current TLS certificate by issuing 'show version' on the CLI of the sensor; the TLS certificate details will be listed on the last line of the output:
Host Certificate Valid from: 14-Apr-2010 to 14-Apr-2012
Scott
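An added example, not part of the original replies: a Python sketch that applies the two checks discussed in this thread to captured CLI text, reading the host certificate validity line from 'show version' and listing the Yellow/Red metrics from 'show health'. The function names, the 60-day warning threshold, and the sample text (constructed to match the output format quoted in the thread) are assumptions.

```python
import re
from datetime import date, datetime

# Constructed sample input, shaped like the CLI output quoted in this thread.
SHOW_VERSION = """\
Platform: IPS-4260-K9
Sensor up-time is 25 min.
Host Certificate Valid from: 13-Jul-2008 to 14-Jul-2010
"""
SHOW_HEALTH = """\
Overall Health Status Red
Health Status for Signature Updates Yellow
Health Status for the Time Since Last Event Retrieval Red
Health Status for the Memory Usage Not Enabled
Security Status for Virtual Sensor vs0 Green
"""

CERT_RE = re.compile(
    r"Host Certificate Valid from:\s*(\d{1,2}-[A-Za-z]{3}-\d{4})"
    r"\s+to\s+(\d{1,2}-[A-Za-z]{3}-\d{4})")
HEALTH_RE = re.compile(r"^(.+?)[ \t]+(Green|Yellow|Red|Not Enabled)[ \t]*$", re.M)


def cert_status(show_version, today, warn_days=60):  # warn_days: assumed threshold
    """Classify the sensor's host certificate relative to `today`."""
    m = CERT_RE.search(show_version)
    if m is None:
        return ("missing", None)  # line absent: truncated output or changed format
    start, end = (datetime.strptime(d, "%d-%b-%Y").date() for d in m.groups())
    if today < start:
        return ("not-yet-valid", (start - today).days)  # check the clock in use
    remaining = (end - today).days
    if remaining < 0:
        return ("expired", remaining)
    return ("expiring-soon" if remaining <= warn_days else "valid", remaining)


def unhealthy_metrics(show_health):
    """Return {metric: status} for every metric reported Yellow or Red."""
    return {name.strip(): status
            for name, status in HEALTH_RE.findall(show_health)
            if status in ("Yellow", "Red")}


if __name__ == "__main__":
    print(cert_status(SHOW_VERSION, date(2010, 5, 25)))
    for metric, status in unhealthy_metrics(SHOW_HEALTH).items():
        print(f"{status:6} {metric}")
```

Pass the date of the machine running the monitoring client as `today`, since that is the clock that decides whether the client accepts the sensor's certificate.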
05-25-2010 08:18 PM
Hi Scott,
This is the output of show version; the host cert is still within its valid dates.
Cisco Intrusion Prevention System, Version 6.1(1)E3
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S479.0 2010-03-19
Virus Update V1.4 2007-03-02
OS Version: 2.4.30-IDS-smp-bigphys
Platform: IPS-4260-K9
Sensor up-time is 25 min.
Using 1886916608 out of 4100345856 bytes of available memory (46% usage)
system is using 17.7M out of 29.0M bytes of available disk space (61% usage)
application-data is using 45.3M out of 166.8M bytes of available disk space (29% usage)
boot is using 40.5M out of 69.5M bytes of available disk space (61% usage)
MainApp M-2008_APR_24_19_16 (Release) 2008-04-24T19:49:05-0500 Running
AnalysisEngine ME-2008_OCT_17_00_32 (Release) 2008-10-17T00:58:23-0500 Running
CLI M-2008_APR_24_19_16 (Release) 2008-04-24T19:49:05-0500
Upgrade History:
* IPS-sig-S476-req-E3 07:07:30 UTC Wed Mar 10 2010
IPS-sig-S479-req-E3.pkg 07:07:17 UTC Sun Apr 11 2010
Recovery Partition Version 1.1 - 6.1(1)E2
Host Certificate Valid from: 13-Jul-2008 to 14-Jul-2010
Do you have any idea what to check or verify so that I can access the box via HTTPS?
05-26-2010 03:33 AM
Can you connect to the sensor's IDM interface?
If you are using IPS Event Viewer (IEV) as previously indicated, it cannot monitor IPS version 6.1 and higher. You need to use IPS Manager Express (IME).
Also, IPS release 6.1(1)E3 is no longer receiving signature updates or software maintenance support:
You should consider upgrading your sensor to at least version 6.2(2)E4, if not 7.0(2)E4 (which adds a feature for global correlation and reputation scoring of potentially malicious IP addresses).
Scott
09-22-2013 11:55 PM
I had the same issue, and after installing a compatible version of IPS Manager Express the issue was resolved.
Thanks for the help.