
IDS & Cisco Works SIMS

m.rainer
Level 1

Hello,

I am trying to integrate an IDS 4.1 appliance into Cisco Works SIMS 3.1 (Netforensics), but I have been failing for 2 days now. I can see that the CSIDS4 agent tries to connect to the IDS sensor on TCP port 443, but in the logs I always see "failed to conntect host".

I configured the "NF CSIDS Agent":

"Date Processor Data1" -> "CSIDS4 AGENT PROTOCOL" -> "MODE = SECURE"

There is a field: "signature"

Do I need to fill out that field? What is the correct input for that field?

Or is "mode" secure the wrong mode?

Has anybody integrated a Cisco IDS 4.1 to NetForensics 3.1 successfully?

PLEASE HELP!

Thanks a lot

Markus


ishah
Level 1

Hi,

Ensure the SIM IP is in allowed hosts section in the Sensor configuration. This is what you see usually when that bit isn't configured.

Also try this link

http://www.cisco.com/application/pdf/en/us/guest/products/ps5209/c1067/ccmigration_09186a008017e174.pdf

Hello,

Thanks for the answer.

I have done that before, that's not the failure. I found that document "configuring and maintenance" before. But I can only find a description of how to configure the IDS sensor and no documentation regarding the configuration of NET Forensics.

Any further hints?

Thanks a lot

Markus

Hello,

On the IDS Sensor I found these error events:

    evError: eventId=1050261859615885102 severity=error
      originator:
        hostId: idssensorgraz01
        appName: cidwebserver
        appInstanceId: 11821
      time: 2004/10/18 07:28:23 2004/10/18 09:28:23
      errorMessage: name=errUnclassified srvcReq protoErr: unexpected_message [10,0]

    2. evError: eventId=1050261859615885103 severity=error
      originator:
        hostId: idssensorgraz01
        appName: cidwebserver
        appInstanceId: 1153
      time: 2004/10/18 07:28:23 2004/10/18 09:28:23
      errorMessage: name=errTransport WebSession::sessionTask(4) TLS connection exception: handshake incomplete.

Maybe that helps?

Markus
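Added example, not part of the original posts and not Cisco or netForensics code: a small Python parser for the sensor's evError text as quoted in the post above. It groups error names by timestamp so that TLS handshake failures from cidwebserver, and whatever was logged alongside them, stand out. The field layout is assumed from the two events on this page, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the two events quoted in the post, blank lines dropped.
SAMPLE = """\
evError: eventId=1050261859615885102 severity=error
originator:
hostId: idssensorgraz01
appName: cidwebserver
appInstanceId: 11821
time: 2004/10/18 07:28:23 2004/10/18 09:28:23
errorMessage: name=errUnclassified srvcReq protoErr: unexpected_message [10,0]
2. evError: eventId=1050261859615885103 severity=error
originator:
hostId: idssensorgraz01
appName: cidwebserver
appInstanceId: 1153
time: 2004/10/18 07:28:23 2004/10/18 09:28:23
errorMessage: name=errTransport WebSession::sessionTask(4) TLS connection exception: handshake incomplete.
"""

# Record header; tolerates a list prefix such as "2." as seen on the page.
HEADER = re.compile(r"^(?:\d+\.\s*)?evError:\s*eventId=(\d+)\s+severity=(\w+)$")
FIELD = re.compile(r"^(\w+):\s*(.*)$")

def parse_events(text):
    """Return one dict per evError record (layout assumed from the sample)."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            events.append({"eventId": header.group(1), "severity": header.group(2)})
        elif field and events and field.group(2):  # bare "originator:" has no value
            events[-1][field.group(1)] = field.group(2)
    for ev in events:
        name = re.match(r"name=(\w+)", ev.get("errorMessage", ""))
        ev["errorName"] = name.group(1) if name else None
    return events

def errors_around_tls_failures(events):
    """Map timestamp -> error names, only for times with a TLS transport error."""
    by_time = defaultdict(list)
    tls_times = set()
    for ev in events:
        by_time[ev.get("time")].append(ev["errorName"])
        if ev["errorName"] == "errTransport" and "TLS" in ev.get("errorMessage", ""):
            tls_times.add(ev.get("time"))
    return {t: by_time[t] for t in tls_times}
```

Calling `errors_around_tls_failures(parse_events(SAMPLE))` returns the single shared timestamp with both error names, showing that the protocol error and the incomplete handshake were logged in the same second.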

Did you ever find out what the issue was? I may be in a similar situation?

Regards,

Lasse

Hello Lasse,

Yes I found out what it was. You have to configure "secure" Port: 443 and NO CERTIFICATION has to be added.

It works now for a while.

I do not know why there is no documentation regarding that point!

Best regards

Markus

ebatur
Level 1

Hello. Do you still have access to a Cisco SIMS Engine?
