
Initial Setup Questions - Newbie

rbutler195
Level 1

Hello. I've got one 4210 sensor (V2.5.0.102), one 4230 sensor (V3.0(1)S4 Modified), and one CSPM (V2.3.0 Build 2335). I've configured the CSPM such that I am receiving and communicating via V2.5.0 with the 4210 sensor, but I'm unable to communicate from the CSPM to the 4230 sensor. I don't have the option on the CSPM to select V3.0(1)S4 for communication with the 4230. Can someone please advise me of the correct steps to take to get all on the latest and greatest? Is order significant? What's the minimum I need to do to begin communicating properly with the 4230?

Thanks in advance!

6 Replies

netanalyze
Level 1

Simply upgrade CSPM with the new signature files for v3.0(1)S4. They are available from Cisco.com under the IDS Appliance Software center. Download the ZIP, extract it, and run the update sensor files from the tool menu. Don't select a specific sensor; just click next and follow the update procedure. This will allow you to select V3.0(1)S4 from the pull-down menu for the 4230 Sensor.

Keep in mind that the CSPM signature update files are not the same as the signature update files for the Sensor (.bin vs .zip/exe).

This will update CSPM to match the 4230 sensor signature file.

Thanks for the timely feedback. That clarifies it for me!

I would also recommend upgrading to the latest version of CSPM v2.3.3i.

tiryan
Cisco Employee

The 4230 should communicate to CSPM even if the software is not matched perfectly. Start with the basics. Can you ping from CSPM to the 4230? If not, log in as root and type ifconfig /dev/swpr0

This is the management int and should have the correct IP info on it from when you ran sysconfig-sensor.

If that is OK, double-check your post office settings on both ends. Then reload the 4230.

/dev/spwr0 is the sniffing interface

/dev/iprb0 is the management interface

The best option is still to upgrade CSPM to the latest version (v2.3.3i) first, then configure it to see the correct sensor version from the beginning. This is a much cleaner approach than mixing versions between CSPM and the sensor.

FYI

The user HAS to have at least version 2.3.2i of CSPM to communicate with a version 3.0(1)S4 sensor. If the S level is higher than S4 then the same S level signature update also HAS to be applied to the CSPM machine.

So when upgrading your sensors, you also have to upgrade your CSPM.

Latest sensor: 3.0(2)S10

Latest CSPM: v2.3.3i with S10 signature update