08-24-2001 05:54 AM - edited 03-08-2019 08:38 PM
I have an IDS-4210 installed in conjunction with CSPM and have set up my blocking device which is a 2620 router. After testing a manual block then checking the router for the access-list statement we determined that the connection was not being maintained by the sensor even though the router shows a telnet connection from the sensor.. After working with the local Cisco Engineer and running nrgetbulk with NetDeviceStatus and NetDevice - the output shows that the connection does not stay active - it only shows Login_sent. I have the correct telnet, enable password, username in CSPM and the sensor shows this information also and have rechecked my sysconfig-sensor settings and all is correct. Is there something I'm missing in regards to the sensor to maintain the active telnet state for blocking.
08-24-2001 07:20 AM
What version of software is running on the 4210? There was a bug in the 2.5(X)SX version that exhibited the behavior that you describe. It was fixed in 3.0(1).
08-24-2001 01:58 PM
I'm running 3.0(1) - just upgraded it.
08-24-2001 03:00 PM
Please email your router config and the managed.conf file to kleem@cisco.com and we'll take a look at it.
08-28-2001 05:22 AM
I have sent this to kleem and await your advice - thanks for taking a look at this.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide