Question about remote management for NME-IPS

Hi,

Have a NME-IPS installed on a 3925.
If I connect my PC to the Management Port on the NME-IPS module I can
access the IDM IP 10.119.117.9

interface IDS-Sensor2/0
ip address 10.119.117.9 255.255.255.252
service-module fail-open
hold-queue 60 out
end

But, I cannot open IDM remotely.
An HTTPS connection to 10.119.117.9 from the network opens CCP on the router itself (not IDM).

Please let me know what I'm missing to be able to administer the module remotely.

Note:
I can log in to the sensor via an SSH connection to the router and then entering the sensor:
service-module ids-sensor 2/0 status

There's no cable attached to the management-port on the sensor.
I'm trying to open IDM via the backplane connection to the router (using 10.119.117.9), or
do I need the management-port and if so, can the IP be on the same subnet?

Federico.

8 Replies

Fede,

I am almost sure that the management should be connected similar to the AIP-SSM on the ASA. Usually the IP of the module is configured on the same subnet but I don't think that is mandatory.

Connect a cable to the management IP and test it out.

Paul,

Thank you for jumping in :-)

I did this test:

Connect the management-port to my PC. In this way I can access the sensor via IDM using 10.119.117.9.

Even if the management-port is connected to the switch (on the same VLAN), I cannot access the sensor using IDM remotely from the LAN via 10.119.117.9 (I can PING it, but the response comes from interface ids-sensor 2/0 on the router).

I guess my question is...

If I want to access NME via IDM remotely, which IP should I use?

If I try to access it via 10.119.117.9 remotely I access the router itself.

Federico.

Fede,

Check the subnet mask of the management port. You only have two available IPs. I suppose one IP is for the router and the other for the IPS; is your PC on the same subnet?

You should access the IDM using the management IP of the sensor.

Yes,

I did this:

interface IDS-Sensor2/0
ip address 10.119.117.9 255.255.255.0
service-module fail-open
hold-queue 60 out
end

Then, I try to open IDM from a computer on another subnet with access (10.3.1.1).

I can still PING 10.119.117.9 from 10.3.1.1

But if I do https://10.119.117.9 from 10.3.1.1 what I get is CCP (the GUI interface for the router itself).

I was hoping to get IDM when doing https://10.119.117.9

If I connect my PC directly to the management port (assign my PC 10.119.117.x), then IDM works.


This is from the sensor:

service host
network-settings
host-ip 10.119.117.9/24,10.119.117.1

I think I understand now...

Question:

The default gateway is the router (Loopback interface)

interface Loopback1
ip address 10.119.117.1 255.255.255.255

This is why all traffic is sent back over the backplane to the loopback....

If the only way to open IDM remotely is via the management-port, how do I assign an IP to the management-port and its gateway correctly?

Federico.

Fede,

Can you run the setup command on the IPS again and use a different IP on the same subnet as the LAN interface of the router?

The interface IDS-Sensor2/0 is basically the interface used by the router to connect to the IPS. When you use the command "service-module ids-sensor 2/0 session", it makes a reverse telnet to what IP? I guess it is 10.119.117.9, right?

Change the ip of the sensor and test again. Remember to allow the remote subnet on the ACL of the IPS so that you can connect to it.

If possible please include the show config of the sensor.

Paul,

I see what you're saying. Thanks, I will give it a try and let you know.


Federico.

Ok.
When the NME-IPS has the following information:
IP 10.119.117.10/30
GW 10.119.117.9
Router ids-sensor interface 10.119.117.9/30

There's no way to access the sensor remotely.
Cannot even PING between 10.119.117.9 and 10.119.117.10

Now...
If I configure the sensor with an IP from the LAN and the router's LAN interface as the GW, I can access IDM from anywhere.

The problem here is that the client follows a standard where all other facilities have the above configuration.

So my question is..
Is it possible to manage the NME-IPS remotely via the backplane connection to the router?
If not... where do I connect the management port to? (since there's no separate IP for the management port).

Federico.

You can actually manage the module from the backplane using this command on your router: service-module ids-sensor 0/0 session

About the remote management just try to check the access-list in the module.

Please post the following output

IPS-# conf ter
IPS-(config)# ser host
IPS-(config-hos)# network-settings
IPS-(config-hos-net)# sh sett

If you want to allow a host to manage your IPS it has to be listed in the ACL. To add a host just change the ACL

IPS-(config-hos-net)# access-list
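The replies above boil down to a few addressing checks (enough usable addresses under the mask, sensor and router IDS-Sensor addresses in one subnet and not identical, a gateway inside that subnet) plus the sensor access-list that must cover the remote admin host. The script below is an added example, not code from the thread or from Cisco: it encodes those checks over constructed plans built from the addresses posted in the thread. It assumes the IPS host-ip is written as A.B.C.D/len,GATEWAY and that the sensor access-list entries are network/prefix strings, as in the outputs quoted above; the plan names and the 10.3.1.1 admin host are taken from the thread, the access-list contents are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class MgmtPlan:
    """One management-addressing plan for an NME-IPS behind a router.
    Field values are constructed for this example, not read from a live device."""
    name: str
    router_if: str        # router 'interface IDS-Sensor' address, e.g. "10.119.117.9/24"
    sensor_host_ip: str   # IPS 'host-ip' value in A.B.C.D/len,GATEWAY form
    sensor_acl: list      # IPS 'access-list' entries as network/prefix strings (assumed form)
    admin_host: str       # workstation that should reach IDM over HTTPS


def parse_host_ip(host_ip: str):
    """Split an IPS 'host-ip 10.119.117.9/24,10.119.117.1' value into (interface, gateway)."""
    addr_part, gw_part = host_ip.split(",", 1)
    return ipaddress.ip_interface(addr_part.strip()), ipaddress.ip_address(gw_part.strip())


def check_plan(plan: MgmtPlan) -> list:
    """Return a list of human-readable findings; an empty list means the plan passes every check."""
    findings = []
    router = ipaddress.ip_interface(plan.router_if)
    sensor, gateway = parse_host_ip(plan.sensor_host_ip)
    admin = ipaddress.ip_address(plan.admin_host)

    # 1. The mask must leave room for at least the router and the sensor (network/broadcast excluded).
    usable = max(sensor.network.num_addresses - 2, 0)
    if usable < 2:
        findings.append(f"mask /{sensor.network.prefixlen} leaves only {usable} usable host address(es)")

    # 2. Sensor and router must not claim the same address on the backplane link.
    if router.ip == sensor.ip:
        findings.append(f"sensor host-ip {sensor.ip} equals the router IDS-Sensor address")

    # 3. Both ends of the backplane link must sit in one subnet.
    if router.network != sensor.network:
        findings.append(f"sensor subnet {sensor.network} differs from router subnet {router.network}")

    # 4. The sensor's gateway must be reachable on that subnet and must not be the sensor itself.
    if gateway not in sensor.network:
        findings.append(f"gateway {gateway} is outside {sensor.network}")
    elif gateway == sensor.ip:
        findings.append(f"gateway {gateway} is the sensor's own address")

    # 5. A host that is not covered by the sensor access-list is refused even when routing works.
    permitted = any(admin in ipaddress.ip_network(entry, strict=False) for entry in plan.sensor_acl)
    if not permitted:
        findings.append(f"admin host {admin} is not covered by sensor access-list {plan.sensor_acl}")

    return findings


# Constructed plans using the addresses posted in the thread; ACL contents are assumed.
PLANS = [
    MgmtPlan("thread-/24", "10.119.117.9/24", "10.119.117.9/24,10.119.117.1",
             ["10.119.117.0/24"], "10.3.1.1"),
    MgmtPlan("thread-/30", "10.119.117.9/30", "10.119.117.10/30,10.119.117.9",
             ["10.3.1.0/24"], "10.3.1.1"),
]


def summarize(plans=PLANS) -> dict:
    """Map plan name -> findings for every plan."""
    return {plan.name: check_plan(plan) for plan in plans}


if __name__ == "__main__":
    for name, findings in summarize().items():
        print(f"{name}: {'OK' if not findings else ''}")
        for finding in findings:
            print(f"  - {finding}")
```

Run it as-is and the /24 plan reports two findings (the shared .9 address and an admin host the access-list does not cover), while the /30 plan passes every check; the script is an addressing and ACL sanity check only, so a plan that passes can still fail for reasons outside it, such as a switch port or VLAN the management port lands on.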
