Sig update with MC and NAT

paolob
Level 1

I'm (still) trying to upgrade my IDSM2 with VMS 2.2 MC, but audit log analysis shows a message like the following one:

An error occurred while running the update script on the sensor named ids-mo-dis-1. Detail = CLI Error: "tls trusted-host ip-address 10.237.86.132 port 443 socket connect failed [4,110]"

It seems like a script trying to run from the sensor to the MC server. The problem here is generated by the PIX firewall between the sensor and the server, which NATs the real MC address 10.237.86.132 to 10.237.85.113 as seen by the sensor. Can changing the real address to the NATed one solve the problem? If so, how can I do that?

Regards,

Paolo



flyingmunk
Level 1

This is a known bug, and I believe that it is due to be fixed in IDS MC 2.0.

You can verify this issue with the following:

tls trusted-host ip-address 10.237.86.132 port 443

upgrade https://10.237.86.132/vms/sensorupdate/

If the above fails, then you are running into the bug.

There may be a patch for this, but I'm not aware of it. You may want to check with TAC.

Here is the bug ID:

CSCsa04030

NAT from sensor to director not supported

Hope this helps,

Chris

There is a workaround for this. It involves editing the XML files on the MC to change the IP address of the MC to the actual address the sensor is seeing.

We use it and it works. I don't remember where I got the solution from, but if you still need it, post and I will put it on for you.

I would like to get this workaround posted please. Will this only let you access the MC with this IP address, or can you still access it with the original IP as well? Thanks...

I would appreciate a post of that workaround, if you can do it.

Thanks,

Paolo

Paolo,

I discovered last night that if you upgrade your MC for IDS to version 1.2.3 and apply the 2 patches that are available for this version, you will get a field that asks for the NAT address of your MC. That will fix your problem....

I'm just using IDS MC 1.2.3, and I applied all the patches available before the error discovery.

Paolo

This is the fix we use and it seems to work. Change the IP address of the VMS box to the NAT'ed address the Sensor sees in the following files. Try it, but ensure you keep a backup.

NOTE – The IDS-MC 1.2.3 does not support NAT of its own interfaces when upgrading (it does support entering a NAT address for sensors). If you need to NAT the MC you MUST do the following:

• Stop CiscoWorks Daemon manager.

• Edit the following file: \CSCOpx\MDC\etc\ids\xml\SystemConfig.xml

• Find the line that looks like: x.x.x.x.

• Change x.x.x.x to the correct IP address.

• If you have IDS MC installed, copy the file just edited to \CSCOpx\MDC\Tomcat\vms\ids-config\web-inf\classes\com\cisco\nm\mdc\ids\common\SystemConfig.xml.

• If you have Security Monitor installed, copy the file just edited to \CSCOpx\MDC\Tomcat\vms\ids-monitor\web-inf\classes\com\cisco\nm\mdc\ids\common\SystemConfig.xml.

• Restart CiscoWorks Daemon Manager.
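The file edit and fan-out copy described in the steps above, written as an added Python example (not Cisco's code and not part of the original post). It assumes the CiscoWorks install root is passed in, and the `<ipaddress>` element name in the test sample is an assumption, since the thread only shows the value as x.x.x.x. The real/NAT addresses from this thread (10.237.86.132 and 10.237.85.113) are used as the constructed sample.

```python
"""Apply the IDS MC NAT workaround: rewrite the MC's real address in
SystemConfig.xml to the NAT address the sensor sees, then copy the edited
file to the IDS MC and Security Monitor class directories.

Added example, not Cisco's code. Stop the CiscoWorks Daemon Manager before
running it and restart it afterwards, as the thread says.
"""
import ipaddress
import re
import shutil
from pathlib import Path

# Paths quoted in the thread, relative to the CiscoWorks install root.
MASTER = Path("CSCOpx/MDC/etc/ids/xml/SystemConfig.xml")
COPIES = [
    Path("CSCOpx/MDC/Tomcat/vms/ids-config/web-inf/classes/com/cisco/nm/mdc/ids/common/SystemConfig.xml"),
    Path("CSCOpx/MDC/Tomcat/vms/ids-monitor/web-inf/classes/com/cisco/nm/mdc/ids/common/SystemConfig.xml"),
]


def rewrite_mc_address(xml_text: str, real_ip: str, nat_ip: str) -> str:
    """Replace the MC's real address with the NAT address the sensor sees.

    Both values must be valid IPv4 addresses, and the real address must occur
    exactly once as a whole token, so 10.237.86.13 is never matched inside
    10.237.86.132 and an unexpected file layout is rejected rather than edited.
    """
    ipaddress.IPv4Address(real_ip)  # raises ValueError on a malformed address
    ipaddress.IPv4Address(nat_ip)
    pattern = re.compile(r"(?<![\d.])" + re.escape(real_ip) + r"(?![\d.])")
    count = len(pattern.findall(xml_text))
    if count != 1:
        raise ValueError(f"expected one occurrence of {real_ip}, found {count}")
    return pattern.sub(nat_ip, xml_text)


def apply_workaround(root: Path, real_ip: str, nat_ip: str) -> list:
    """Edit the master file under `root`, keep a .bak, and fan out the copies.

    Only copies whose target directory exists are written, matching the
    thread's "if you have IDS MC / Security Monitor installed" conditions.
    Returns the list of files written.
    """
    master = root / MASTER
    original = master.read_text()
    master.with_name(master.name + ".bak").write_text(original)  # backup first
    master.write_text(rewrite_mc_address(original, real_ip, nat_ip))
    written = [master]
    for rel in COPIES:
        target = root / rel
        if target.parent.is_dir():
            shutil.copyfile(master, target)
            written.append(target)
    return written
```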

Well, I applied the patches and added the NAT IP address to the proper field. I will attach a screen shot that shows you the field I am talking about. After this, you have to save the pending config, generate a config and deploy it to the sensor. Then you should be able to apply the signature updates.

We applied the patches and did the XML fix too to make ours work. The Sensor can be managed by its NAT address, but without editing the files as stated and putting in the address the sensor sees for the MC, you will have problems.

Did you do the xml fix ?

Ishah,

your xml fix solved my problem.

Thanks a lot!

Paolo

No and everything updated just fine...

Here is the attachment.