Device Manager for IPS on Cisco Security Manager

Unanswered Question
Jan 4th, 2009

Hi all,



We use a CSM ver 3.2.

We'd like to open device manager for IPS from CSM and we've got th following error.



"sensor minor version is newer than supported version"


and we cannot open the device manager;


Could anyone help?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
sachinraja Mon, 01/05/2009 - 12:39

Hello Hari


which version of IPS are you running? The CSM 3.2 supports IPS version 5.1, 6.0 and sub-versions of these mainline OS.. Have a look at the CSM 3.2 hardware/software support matrix:


http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/3.2/compatibility/information/csmsdt32.html


Compatibility matrix overall for all versions of CSM:


http://www.cisco.com/en/US/products/ps6498/products_device_support_tables_list.html


Hope this helps.. all the best...


Raj

harinirina Mon, 01/05/2009 - 22:20

Hi,



here is the show ver of the IPS, it's a module on 6500.



Cisco Intrusion Prevention System, Version 6.1(1)E1


Host:

Realm Keys key1.0

Signature Definition:

Signature Update S329.0 2008-04-16

Virus Update V1.2 2005-11-24

OS Version: 2.4.30-IDS-smp-bigphys

Platform: WS-SVC-IDSM-2

No license present

Sensor up-time is 1:21.

Using 1399341056 out of 1983504384 bytes of available memory (70% usage)

system is using 17.7M out of 29.0M bytes of available disk space (61% usage)

application-data is using 34.8M out of 166.8M bytes of available disk space (22% usage)

boot is using 40.5M out of 68.6M bytes of available disk space (62% usage)

application-log is using 529.0M out of 2.8G bytes of available disk space (20% usage)



MainApp M-2008_APR_24_19_16 (Release) 2008-04-24T19:49:05-0500 Running

AnalysisEngine M-2008_APR_24_19_16 (Release) 2008-04-24T19:49:05-0500 Running

CLI M-2008_APR_24_19_16 (Release) 2008-04-24T19:49:05-0500


Upgrade History:


IPS-K9-6.1-1-E1 19:16:00 UTC Thu Apr 24 2008

Maintenance Partition Version 2.1(3)


Recovery Partition Version 1.1 - 6.1(1)E1




The version of CSM is 3.2.1.



Does the CSM support the IOS running on the IPS?

sachinraja Tue, 01/06/2009 - 06:33

This is what the compatibility matrix says:


IPS sensors and modules-IPS Software 5.1 and 6.0. You can also use IPS Software 6.1, but it is treated as 6.0. Features unique to 6.1 are not supported.




--------------------------------------------------------------------------------


Note IPS signature updates are supported only on IPS Software 5.1(5)E1 and later.


It supports IDS module on 6500, and also 6.1 software, but it takes only 6.0 features !


Hope this helps..


Raj

harinirina Tue, 01/06/2009 - 08:21

Hi Raj,



We cannot even open IDM. When continueing to load IDSM, we got the message "fail to load sensor - null).


Also, we cannot launch IPS Event Viewer. it doesn't load fully.


The IDSM is configured with basic config for the moment (IP adress and gateway, ACL permitting CSM to discover the IDSM module).


What should we do so we can monitor IPS from CSM?


sachinraja Tue, 01/06/2009 - 08:27

Hello Hari


Did you check this document, on how to add IPS to CSM ?


http://www.cisco.com/en/US/products/ps6498/products_tech_note09186a0080846d67.shtml


if the IPS is added right, and IPS gives access to CSM to pull reports, it should work fine.. just check for the "allowed host" parameter on the IPS.. From the CSM, first try to launch normal IDS device manager through https.. See if there is access to IDS event viewer from CSM IP address.. If this doesnt work by itself, there is some issue in the IDS config or browser settings, java, applet etc..


If this works, then the settings on IDS should be fine.. we then need to concentrate on troubleshooting CSM.. the doc given, has basic configs and troubleshooting steps..


Hope this helps.. all the best..


Raj

harinirina Wed, 01/07/2009 - 01:11

Hi Raj,


IDSM is already added to CSM.


We tried to launch IDM using web browser, it works fine.


The problem appears only when launching it from CSM.


More help is really appreciated.

harinirina Thu, 01/08/2009 - 07:00

Hi Raj,


We have upgraded CSM version. we can now launch IDM and IPS Event Viewer.


Thanks for your help.

Actions

This Discussion