
IDS to router telnet connection for blocking

kevin.bryan
Level 1

I have an IDS-4210 installed in conjunction with CSPM and have set up my blocking device, which is a 2620 router. After testing a manual block and then checking the router for the access-list statement, we determined that the connection was not being maintained by the sensor even though the router shows a telnet connection from the sensor. After working with the local Cisco Engineer and running nrgetbulk with NetDeviceStatus and NetDevice, the output shows that the connection does not stay active - it only shows Login_sent. I have the correct telnet, enable password, username in CSPM and the sensor shows this information also, and I have rechecked my sysconfig-sensor settings and all is correct. Is there something I'm missing in regards to the sensor to maintain the active telnet state for blocking?

4 Replies

kleem
Cisco Employee

What version of software is running on the 4210? There was a bug in the 2.5(X)SX version that exhibited the behavior that you describe. It was fixed in 3.0(1).

I'm running 3.0(1) - just upgraded it.

Please email your router config and the managed.conf file to kleem@cisco.com and we'll take a look at it.

I have sent this to kleem and await your advice - thanks for taking a look at this.