hi,but in the 4210,it seems there is no a command to enable IDM,there is only one command named setup,it can setup some info such as ip address,etc.but how can I config it so that i can use IDM(like https://) to manage it ?and how I config the org ID and host id?

Hi Chad,

By default IDM is on. The web server needs to be ON for the management stations communication, hence the default is ON for IDM.

Answer to your second question is that on 4.x there is no concept of OrgID/HOST ID etc. The communication architecture has completely being changed. Now, on 4.x communication is based on RDEP i.e, management station and the sensor communicates on https (SSL) There is a built in web server that provides the support for https communications. So, all you need to do is config the web server and allow

thanks,first.

but when I input "https://x.x.x.x",x.x.x.x is the ip address of the 4210,but there is no any response, and I have start the webserver.

can I conclude that CSPM 2.3.3i can't manage sensor whose version is above 4.x?

Jeff,

You are right, 4.x sensors cannot be managed by CSPM. The only management platforms for 4.x is the IDSMC 1.1 and above and the inbuilt IDM/IEV.

Please refer to the below url for configuration of the 4.x sensor to be able to use IDM/IEV;

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids9/idmiev/swchap1.htm#144

Hope this helps,

Thanks,

yatin

SIDE COMMENT:

When you recieved your IDS-4210 from Cisco it was likely pre-loaded with version 4.0.

It did, however, get shipped with a 3.1 Recovery CD as well.

If you are using CSPM and have not yet been able to upgrade to VMS (IDS MC and Security Monitor) then you can re-image your new IDS-4210 sensor to the older version 3.1 code so you can continue using CSPM until you get a chance to upgrade to VMS.

hi,the default username of 4210 is root or cisco?mine is cisco.how can I know if the VMS is ready?

thanks

On the older version 3.x sensors you had to initially login as root to configure the sensor, and then login as user netrangr for additional configuration and management of the sensor.

In the newer version 4.x sensors you need to login with the "cisco" userid and password. In 4.x you can then create additional usernames.

Since the username on your box is "cisco" then I would be 99.9% sure you are running version 4.x.

If you are using CSPM or Unix Director then you would need to stick in the 3.1 CD shipped with your sensor and re-image it the older 3.1 version that will work with CSPM.

If you are using VMS then VMS works fine with the newer version 4.x sensors.

If you are using CSPM or Unix Director and would like to upgrade to VMS then contact your Cisco Representative. Depending on how you originally purchases CSPM or Unix Director and what support contract you purchased will determine the cost (if any) for you to upgrade to VMS.

hi,my version is IDS-K9-MAJ-4.0-1-S36,I

conf t

service webserver

default ports

default server-id

default tls-enable

then I reload the ids,but I still can't open the IDS with "https://x.x.x.x(sensor's ip address) in IE 6.0.

btw,both the sniffer port and the common port are connected in the same network(inside of pix)

Have you added your list of allowed ip addresses.

By default in 4.0, only 10.0.0.0 network ip addresses are allowed to access the sensor. You have to add in any other ip addresses that you want to give access to.

Refer to step 9 in the initialization steps in the following link:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids9/hwguide/hwchap4.htm#364031

It explains how to configure the accesslist to allow your ip address to access the box.

Other things to try:

Try to ssh to the sensor from the same box you are trying to web browse from. If you can ssh into the sensor from this machine then your network parameters and accesslist are fine and there may be a problem with the sensor's web server.

If you can't ssh into the box then recheck the network parameter settings and accesslist settings on your sensor.