12-17-2002 06:07 AM - edited 02-20-2020 10:26 PM
I use IDS sensor version 3.1(3)S36 and PIX version 6.1(4), and I am trying to do shunning on the PIX using telnet. But I face the following problem in errors.managed:
12/17/2002 13:32:06UTC E Read error [Operation now in progress] fd [3]
12/17/2002 13:33:11UTC E Comm timeout for [pix_IP]. No recovery action will be taken at this time.
12/17/2002 13:33:57UTC E Comm timeout for [pix_IP]. No recovery action will be taken at this time.
Notes:
- The configuration file managed.conf is correct.
- I can telnet manually (from the command line) from the sensor to the PIX, so there are no communication problems.
- I know this problem is reported for PIX 6.2(1); does it also apply to 6.1(4)?
- In the managed.conf file the configuration is: "NetDevice [pix_IP] PIX [telnet_pass] [enable_pass]"
but when I execute the command "nrgetbulk 10003 hostid orgid 1 NetDevice" on the sensor I get:
"[pix_IP] Cisco [telnet_pass] [enable_pass]"
Does anyone have a solution besides the "use ssh" answer?
12-17-2002 10:02 AM
You can get a little more detailed diagnostic information
by executing the command "nrget 10003 hostid orgid 1 Diagnostic".
This will tell you the state of all of the net devices used for shunning.
You can also determine if the CSCdx55215 bug is occurring
on your sensor:
From the sensor command line, telnet to the PIX. If you
see the banner "User Access Authentication", then the
bug will occur and you will need to get the nr.managed
engineering code for CSCdx55215.
Here is a link, which requires a CCO account, to the beta code:
http://www.cisco.com/cgi-bin/tablebuild.pl/nids
If you download the file, please send me an email
(stleary@cisco.com) and I will provide installation instructions.
I am pretty sure that you are seeing this bug because one of
the side effects is that the PIX is misreported as a router
(i.e. Cisco instead of PIX).
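The side effect described in the answer above (a device entered as PIX in managed.conf but reported as Cisco, together with Comm timeout errors) can be checked offline from saved command output. This is an added example, not part of the thread or Cisco's code; it assumes the whitespace-separated line formats quoted in the original post, and the addresses and passwords in the sample inputs are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample inputs, in the line formats quoted in the thread.
MANAGED_CONF = ("NetDevice 192.0.2.1 PIX telnetpw enablepw\n"
                "NetDevice 192.0.2.2 Cisco telnetpw enablepw\n")
NRGETBULK_OUT = ("192.0.2.1 Cisco telnetpw enablepw\n"
                 "192.0.2.2 Cisco telnetpw enablepw\n")
ERRORS_MANAGED = (
    "12/17/2002 13:32:06UTC E Read error [Operation now in progress] fd [3]\n"
    "12/17/2002 13:33:11UTC E Comm timeout for [192.0.2.1]. No recovery action will be taken at this time.\n"
    "12/17/2002 13:33:57UTC E Comm timeout for [192.0.2.1]. No recovery action will be taken at this time.\n")

# Accept the address with or without surrounding brackets (assumption).
TIMEOUT_RE = re.compile(r"Comm timeout for \[?(\d+(?:\.\d+){3})\]?")

def configured_types(conf_text):
    """Map IP -> device type from 'NetDevice <ip> <type> ...' lines."""
    devices = {}
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "NetDevice":
            devices[fields[1]] = fields[2]   # passwords are never kept
    return devices

def reported_types(nrgetbulk_text):
    """Map IP -> device type from saved nrgetbulk '<ip> <type> ...' lines."""
    devices = {}
    for line in nrgetbulk_text.splitlines():
        fields = line.strip().strip('"').split()
        if len(fields) >= 2:
            devices[fields[0]] = fields[1]
    return devices

def diagnose(conf_text, nrgetbulk_text, log_text):
    """Flag devices whose reported type differs from managed.conf."""
    reported = reported_types(nrgetbulk_text)
    timeouts = Counter(TIMEOUT_RE.findall(log_text))
    findings = []
    for ip, want in sorted(configured_types(conf_text).items()):
        got = reported.get(ip)
        findings.append({"ip": ip, "configured": want, "reported": got,
                         "misreported": got is not None and got != want,
                         "comm_timeouts": timeouts.get(ip, 0)})
    return findings

if __name__ == "__main__":
    for finding in diagnose(MANAGED_CONF, NRGETBULK_OUT, ERRORS_MANAGED):
        print(finding)
```

A device with `misreported` set and a non-zero `comm_timeouts` count matches the pattern reported in this thread; the findings deliberately omit the telnet and enable passwords so the output can be shared.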
12-18-2002 12:51 AM
Thanks very much for your reply.
I do get the message "User Access Verification" when I telnet to the PIX; I guess this is the problem. I downloaded the nr.managed engineering code for CSCdx55215. Can you help me with the installation instructions?
12-18-2002 06:14 AM
Reply sent via email.