Changed password - IDS can't connect via SSH

unionbancorpit
Level 1

I have a PIX-514 configured for SSH. I also have a 4210 IDS on the internal network. At one time I know the IDS would shun (using the firewall). I believe that if you do a show ssh sessions on the firewall you will always see the IDS as connected. I changed the passwords on the PIX this morning and I went into the IDS and changed the password under Logical Devices. I connected back to the PIX and did a show ssh sessions. The only thing it reported was my session. If I repeat the command I will sometimes see the IP address of the sensor, but the state is 2 and the encryption and username are empty.

Am I right in thinking that the IDS should have a connection at all times? I know SSH is working because I can connect to the PIX from my desktop. I know the passwords are right because I've checked and rechecked them. I even did a sho config from the command line of the IDS and it displays the passwords in plain text, so I know the passwords are correct. Any ideas or things to check? Thanks.

2 Replies

unionbancorpit
Level 1

I solved my own problem. I regenerated the known host-key for my PIX and right after that the IDS established the connection. Not sure what happened but it's working now.

jlively
Cisco Employee

From the sensor, do a "show stat net" and look for the PIX. Does the state say "Active" or "Connecting"?

You can also do a show events on the sensor and then stop/start blocking using IDM. You should see any errors NAC is having.

Try that for starters.