Reg. upgrading Cisco IDS 4.0 Version to 5.0

ankurs2008
Level 1

Dear happs / marcabal

I have an IDS 4215, version 4.1(1), with the details as attached. I want to upgrade it to 5.0 and then to 6.0. Hence I will be installing the 5.0(1e)S149 major update to upgrade it to 5.0 first.

The following is written in the readme file of the service package IPS-K9-maj-5.0-1e-S149.rpm.pkg:

"For IDS-4215, you should also ensure that you have upgraded the BIOS to version 5.1.7 and the ROMMON to version 1.4"

Hence I have downloaded the upgrade utility mentioned above; however, I need to know the following:

1) How to check the current BIOS and ROMMON version in the IDS.

2) To upgrade the BIOS and ROMMON version, can I make my desktop (Windows XP) the TFTP server, as we are remotely managing (leased line) the customer IDS, or do I need to have a local desktop at the customer's place itself (in the Cisco IDS network range only) which can be made the TFTP server?

3) Also please let me know how to see the license details in IDS 4.0, and if there is no license available, can we still upgrade it to version 5.0?


rhermes
Level 7

The BIOS version is shown when you boot the box. You may need to be on the console to see the boot messages.

You can use any host with IP connectivity as your TFTP server. Make sure you specify your Gateway if your host is not on the same subnet.

You can always apply software upgrades (up to the limits of the sensor of course, the 4215 won't take 6.1 for example) without a valid license. Each upgrade, update and patch contains the latest (at time of release) signature file.

Hi rhermes,

Thanks for the update. Please let me know:

1) How to see if a license is applied or not in IDS 4.0, as I am not getting any details of it via the GUI or via the CLI.

2) Can I upgrade it to software version 5.0 first AT LEAST (consider that I don't have a license renewed as of now)?

3) Please guide me on how to upgrade the ROMMON and BIOS version.

There is no license in version 4.x, licensing only started in version 5.0.

You can upgrade your 4215 to version 5.1 or version 6.0 without a license.

Minimum BIOS versions to upgrade and procedures are easily searched on CCO.

Dear rhermes

Thanks for the responses! However, I have a query. I will be upgrading the BIOS and ROMMON of the IDS 4215 version 4.1 sensor first to the one mentioned in the readme file, i.e. via IDS-4215-bios-5.1.7-rom-1.4, which is a BIN file. For this I will be using a Windows XP machine (correct me here if I should not use this and should rather use a server) and I will install a TFTP utility on it for the upgrade.

Note: Here please consider that the sensor and the desktop will be in the same network.

2) Once ROMMON and BIOS are upgraded, I will use the same desktop as an FTP server, installing any of the FTP server utilities available on the internet. Here I want to ask you: in the URL mentioned below there are some recommendations provided for the "Supported HTTP and FTP Server" (I have attached a snapshot too for quick reference); does that mean that I cannot install a utility such as "Winftp server", which is a free utility? If I can install this utility, then what does this snapshot say?

http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/idm/dmImage.html#wp1142501

Ankur

Yes, you can use the same PC as an FTP and TFTP server to upgrade your BIOS (if needed, you would have to have a pretty OLD sensor to need a BIOS upgrade, check the version you have).

Just about any FTP server should work, I've been using a free FTP server (Serv-U) on a windows box without any problems.

Hi rhermes,

Just a slight change.

I have an IDS 4215 sensor in the network 192.168.0.92, and my Windows XP machine (on which TFTP and FTP are installed for upgrading the ROMMON/BIOS and software version respectively) has the IP 172.16.39.177. I have connected the Windows XP machine to the sensor via console cable and got HyperTerminal access from the XP desktop.

Now my query is: during the activity, will I face any issue if my sensor and XP desktop (from where I am taking HyperTerminal) are in different networks? Just for your info, the IDS device is pinging from the desktop.

Ankur

Hi rhermes / marcabal / happs,

Please reply to my query. It's urgent.

Thanks

Ankur

The tftp server, and the sensor are allowed to be on different networks. When you configure the settings in ROMMON you have to give the sensor an IP Address, and because your sensor is in a different network than your tftp server you will also need to give the sensor a default gateway IP. So long as the sensor can get to your tftp server by routing through the default gateway you will be fine.

NOTE: The ROMMON IP address for the sensor has to be separately configured from the IP Address you would normally give the sensor through the CLI setup command. But you CAN use the same address for both the ROMMON configuration and the setup configuration.

Thanks marcabal. The information helped a lot. However, I have a query.

1) The IP address of the desktop is 172.16.39.177, the subnet is /24 and the gateway is 192.168.0.198.

2) From the XP desktop (on which FTP and TFTP are installed), the sensor IP address (192.168.0.92) is pinging.

3) From the sensor, the desktop gateway is pinging; however, the XP desktop is not.

Hence please let me know whether I should give the gateway to the sensor as 192.168.0.198 or not while doing the BIOS and ROMMON upgrade.

Attached is the snapshot.

Your 172.16.39.177 desktop is misconfigured.

With your desktop having 172.16.39.177 with /24, and your sensor being 192.168.0.92 and assuming /24, there needs to be a router that can route between these 2 networks (or a series of routers).

So we will assume one router with an interface on the 172.16.39.0/24 network and an interface on the 192.168.0.0/24 network.

You've provided the 192.168.0.198 as the router address for the 192.168.0.0/24 network, but you haven't said what the 172.16.39.0/24 address would be for your router.

Use the 192.168.0.198 address as the gateway address in your sensor's ROMMON configuration.

But in your desktop you need to use the router's 172.16.39.0/24 address (whatever it is) as the Default Gateway address (not the 192.168.0.198 address).
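
Added example (not part of any reply in this thread): a Python sketch of the reachability reasoning in the two replies above, checking for each side whether the peer is on-link, whether a gateway is set, and whether that gateway lies inside the host's own subnet. The sensor's /24 mask follows the reply's assumption; the router's 172.16.39.1 address and the same-subnet desktop address are constructed placeholders.

```python
import ipaddress
from typing import NamedTuple, Optional

class Host(NamedTuple):
    name: str
    address: str             # "ip/prefix" as configured on the host or in ROMMON
    gateway: Optional[str]   # None when no default gateway is configured

def path_status(src: Host, dst_ip: str) -> str:
    """Classify how src would send its first packet towards dst_ip."""
    iface = ipaddress.ip_interface(src.address)
    if ipaddress.ip_address(dst_ip) in iface.network:
        return "on-link"                 # same subnet: no gateway involved
    if src.gateway is None:
        return "gateway-missing"         # off-link peer and no next hop configured
    if ipaddress.ip_address(src.gateway) not in iface.network:
        return "gateway-off-link"        # gateway is outside the host's own subnet
    return "routed"                      # off-link peer via an on-link gateway

def check_pair(sensor: Host, server: Host) -> dict:
    """TFTP needs both directions to work, so check each side against the other."""
    sensor_ip = str(ipaddress.ip_interface(sensor.address).ip)
    server_ip = str(ipaddress.ip_interface(server.address).ip)
    return {sensor.name: path_status(sensor, server_ip),
            server.name: path_status(server, sensor_ip)}

# Values from the thread; the sensor's /24 is the reply's assumption.
SENSOR = Host("sensor", "192.168.0.92/24", "192.168.0.198")
AS_POSTED = Host("desktop", "172.16.39.177/24", "192.168.0.198")
# Constructed placeholder: the router's real 172.16.39.0/24 address is not in the thread.
CORRECTED = Host("desktop", "172.16.39.177/24", "172.16.39.1")
# Constructed same-subnet case: neither side needs a gateway.
SAME_NET = Host("desktop", "192.168.0.177/24", None)

if __name__ == "__main__":
    for label, desktop in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, check_pair(SENSOR, desktop))
    print("same subnet", check_pair(SENSOR._replace(gateway=None), SAME_NET))
```
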

Thanks a ton marcabal !

1) Please find attached the new properties for the desktop. The gateway and IP for the desktop are 192.168.0.177 and 192.168.0.198 respectively. Also, from the sensor (192.168.0.92), the IP address of the desktop is pinging. Therefore please let me know what IP address I should use for ROMMON, and whether I have to give the gateway as 192.168.0.198 (the gateway of the sensor and the desktop is the same now) during the ROMMON and BIOS upgrade.

2) As of now the monitoring interface (eth0) of the IDS is connected to a hub (having 4 interfaces). 2 of the hub interfaces are connected to the firewall, one to the IDS monitoring interface and 1 to the router (192.168.0.198).

As the IDS is connected to a hub, and as you know, the IDS will monitor all the hub traffic (i.e. no port mirroring configured). Hence please let me know: when the IDS is upgraded to IPS, do we need to keep the monitoring interface connected to the hub, or do you recommend replacing the hub with a switch?

3) Also, how many interfaces on the IDS will be required to configure the upgraded IPS in promiscuous mode (initially)?

Regards

Ankur

Dear marcabal

Please reply to my query.

Ankur

If the desktop and the sensor ROMMON IP addresses are in the same subnet then a gateway will not need to be configured in the sensor ROMMON.

When changing from Promiscuous to InLine you can also change to a switch.

There are 2 deployment types for inline monitoring with an appliance.

1) Inline interface pairs. In this scenario 2 interfaces of the sensor are paired together. A basic example would be to plug one interface into the inside interface of your firewall, and a second interface into the vlan where your inside machines are connected. Then create an inline interface pair with the 2 interfaces.

2) Inline vlan pair. In this scenario only a single interface is used. Instead of pairing 2 interfaces, a pair of vlans is created instead. A basic example here would be to plug your inside interface of your firewall into your switch using vlan 10. Plug all of your inside machines into vlan 11. Then plug your sensor port also into the switch and trunk both vlans 10 and 11. Then in the IPS configuration make an inline vlan pair of vlans 10 and 11.

Dear marcabal

Thanks again, there's one more query. The IDS 4215 is showing the recovery partition version 4.1(1) S47. Hence please let me know whether, while upgrading the sensor to version 5.0, the recovery partition will also get automatically upgraded to the new version or will remain the same. Else please let me know if we have to separately upgrade the recovery partition version.

The point I am trying to make here is whether it is really required to keep the recovery partition version in line with the latest sensor software version, or whether, even if we don't upgrade the recovery partition version, it is all right to go ahead with only upgrading to IPS software version 5.0.

Regards

Ankur
