Shunning doesn't work with pix 6.1(4)

osam
Level 1

I use IDS sensor version 3.1(3)S36 and PIX version 6.1(4), and I am trying to do shunning on the PIX using telnet. But I face the following problem in errors.managed:

12/17/2002 13:32:06UTC E Read error [Operation now in progress] fd [3]
12/17/2002 13:33:11UTC E Comm timeout for [pix_IP]. No recovery action will be taken at this time.
12/17/2002 13:33:57UTC E Comm timeout for [pix_IP]. No recovery action will be taken at this time.

Notes:

- the configuration file managed.conf is correct
- I can telnet manually (from the command line) from the sensor to the PIX, so there are no communication problems.
- I know this problem is reported for PIX 6.2(1); does it also apply to 6.1(4)?
- in the managed.conf file the line is: "NetDevice [pix_IP] PIX [telnet_pass] [enable_pass]"

but when I execute the command "nrgetbulk 10003 hostid orgid 1 NetDevice" on the sensor I get:

"[pix_IP] Cisco [telnet_pass] [enable_pass]"

Does anyone have a solution besides the "use ssh" answer?


3 Replies

stleary
Cisco Employee (Accepted Solution)

You can get a little more detailed diagnostic information by executing the command "nrget 10003 hostid orgid 1 Diagnostic". This will tell you the state of all of the net devices used for shunning.

You can also determine if the CSCdx55215 bug is occurring on your sensor: from the sensor command line, telnet to the PIX. If you see the banner "User Access Authentication", then the bug will occur and you will need to get the nr.managed engineering code for CSCdx55215.

Here is a link, which requires a CCO account, to the beta code:

http://www.cisco.com/cgi-bin/tablebuild.pl/nids

If you download the file, please send me an email (stleary@cisco.com) and I will provide installation instructions.

I am pretty sure that you are seeing this bug because one of the side effects is that the PIX is misreported as a router (i.e. Cisco instead of PIX).
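The checks stleary describes above (compare the device type configured in managed.conf with the type the running daemon reports via nrgetbulk, count the "Comm timeout" lines in errors.managed, and look at the banner the PIX sends on a telnet connect) can be scripted so they are repeatable before and after applying the engineering code. The Python below is an added example written for this page; it is not code from the thread, from Cisco, or from the IDS sensor software. The host 192.0.2.10, the passwords, and the sample managed.conf, nrgetbulk output and errors.managed lines are constructed from the formats quoted in the thread, the assumption that those line formats are exactly as quoted is mine, and treating both "User Access Verification" and "User Access Authentication" as the bug-triggering banner is an assumption (each post in the thread gives one of the two spellings).

```python
import re
import socket
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Banner text that, per the thread, marks the telnet login prompt on which
# CSCdx55215 trips. Accepting both spellings seen in the thread is an assumption.
BUG_BANNERS = ("User Access Verification", "User Access Authentication")

# --- constructed sample data (formats copied from the thread, values are placeholders) ---
SAMPLE_MANAGED_CONF = """\
# managed.conf excerpt (constructed)
NetDevice 192.0.2.10 PIX telnetpw enablepw
"""
SAMPLE_NRGETBULK = "192.0.2.10 Cisco telnetpw enablepw\n"
SAMPLE_ERRORS_MANAGED = """\
12/17/2002 13:32:06UTC E Read error [Operation now in progress] fd [3]
12/17/2002 13:33:11UTC E Comm timeout for 192.0.2.10. No recovery action will be taken at this time.
12/17/2002 13:33:57UTC E Comm timeout for 192.0.2.10. No recovery action will be taken at this time.
"""


@dataclass
class NetDevice:
    ip: str
    dev_type: str      # "PIX", or "Cisco" (router) when misreported, as in the thread
    telnet_pass: str
    enable_pass: str


def parse_managed_conf(text: str) -> Dict[str, NetDevice]:
    """Parse 'NetDevice <ip> <type> <telnet_pass> <enable_pass>' lines (assumed format)."""
    devices: Dict[str, NetDevice] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "NetDevice":
            devices[parts[1]] = NetDevice(*parts[1:])
    return devices


def parse_nrgetbulk(text: str) -> Dict[str, NetDevice]:
    """Parse '<ip> <type> <telnet_pass> <enable_pass>' lines as nrgetbulk printed them."""
    devices: Dict[str, NetDevice] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            devices[parts[0]] = NetDevice(*parts)
    return devices


def type_mismatches(conf: Dict[str, NetDevice],
                    bulk: Dict[str, NetDevice]) -> Dict[str, Tuple[str, Optional[str]]]:
    """{ip: (configured_type, reported_type)} for every device whose running type
    differs from managed.conf; reported_type is None if the daemon lacks the device."""
    out: Dict[str, Tuple[str, Optional[str]]] = {}
    for ip, dev in conf.items():
        seen = bulk.get(ip)
        reported = seen.dev_type if seen else None
        if reported != dev.dev_type:
            out[ip] = (dev.dev_type, reported)
    return out


# Device name may appear bare (192.0.2.10) or bracketed ([pix_IP]) as in the redacted post.
_TIMEOUT_RE = re.compile(r"Comm timeout for \[?([\w.-]+?)\]?\. ")


def comm_timeouts(log_text: str) -> Dict[str, int]:
    """Count 'Comm timeout for <device>' lines in errors.managed, per device."""
    counts: Dict[str, int] = {}
    for line in log_text.splitlines():
        m = _TIMEOUT_RE.search(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts


# Telnet option negotiation: IAC SB ... IAC SE, IAC WILL/WONT/DO/DONT <opt>, IAC <cmd>
_IAC_RE = re.compile(rb"\xff(?:\xfa.*?\xff\xf0|[\xfb-\xfe].|[\xf0-\xf9])", re.S)


def strip_telnet_iac(data: bytes) -> bytes:
    """Remove telnet negotiation so only the human-readable banner remains."""
    return _IAC_RE.sub(b"", data)


def banner_triggers_bug(banner: str) -> bool:
    """True if the banner is the login prompt the thread associates with CSCdx55215."""
    return any(b in banner for b in BUG_BANNERS)


def probe_banner(host: str, port: int = 23, timeout: float = 5.0) -> str:
    """Connect to the device and return what it sends before any login. Needs network."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        buf = b""
        try:
            while len(buf) < 4096:
                data = s.recv(1024)
                if not data:
                    break
                buf += data
        except socket.timeout:
            pass
    return strip_telnet_iac(buf).decode("ascii", "replace")


def run_offline_checks() -> dict:
    """Run the config-vs-daemon and log checks against the constructed samples."""
    conf = parse_managed_conf(SAMPLE_MANAGED_CONF)
    bulk = parse_nrgetbulk(SAMPLE_NRGETBULK)
    return {"mismatches": type_mismatches(conf, bulk),
            "timeouts": comm_timeouts(SAMPLE_ERRORS_MANAGED)}


if __name__ == "__main__":
    print(run_offline_checks())
```

On a live sensor you would feed `parse_managed_conf` the real managed.conf, `parse_nrgetbulk` the captured output of `nrgetbulk 10003 hostid orgid 1 NetDevice`, and `banner_triggers_bug(probe_banner(pix_ip))` the real PIX; a PIX-configured device coming back as "Cisco" together with a matching banner is the pattern stleary describes.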

osam
Level 1

Thanks very much for your reply.

I do get the message "User Access Verification" when I telnet to the PIX, so I guess this is the problem. I downloaded the nr.managed engineering code for CSCdx55215. Can you help me with the installation instructions?

stleary
Cisco Employee (Accepted Solution)

Reply sent via email.
