Re: Timeout error msg while manual Blocking

s-cerman · ‎09-18-2002

My customer uses IDS 4210 with 3.1(3)S31 installed and uses CSPM 2.3.3i.

Until 1 week ago there was no problem but he says when he want to block manually some hosts or networks at Router via CSPM Event Viever he gets Error timeout waiting response.

He uses PIX 525 with 6.1(3) and there is rule that allows to IDS to telnet Router.I checked blocking configuration and configuration and passwords was correct.

Any idea?

Thanks in advance

jlively · ‎09-18-2002

do automatic shuns still worK? Is nr.managed still working? can you send a copy of his /usr/nr/etc/managed.conf file from the sensor and the output of nrstatus run on the sensor?

s-cerman · ‎09-18-2002

Yes he checked with nrstatus command and managed is not running.

And here managed.conf file: I hided if addresses and passwords.

Why managed is not running? He couldn't say regarding automatic shunning

I will check this today.

Any comment

Thanks

# Generated: Fri Sep 13 11:39:15 2002

# Template: D:\Program Files\Cisco Systems\Cisco Secure Policy Manager\bin\templates\3.0\etc\managed.conf.template

# Sensor Version: 3.1(3)S31

# Sensor OS: SunOS

FilenameOfError ../var/errors.managed

AllowSensorShun 0

NetDevice aaa.aaa.aaa.aaa CiscoDefault bbb ccc 0.0.0.0

ShunInterfaceCisco aaa.aaa.aaa.aaa Serial0/0 in

NeverShunAddress ddd.ddd.ddd.ddd 255.255.255.255

jlively · ‎09-19-2002

Look at the /usr/nr/etc/deamons file on the sensor. Is nr.managed there?? If not, go into CSPM and make sure blocking is still set up for the sensor (select the sensor, then the blocking tab, then make sure there are devices listed.)