I am new to the IDS environment, we are planing to configure a NTP server on the IDS 4215 box.
I have a completed command set for the same as mentioned below.
sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# ntp-option enable
sensor(config-hos-ena)# ntp-servers ip_address key-id key_ID
now the problem for me is i don't have the Key-id & Key-value for my ntp server.
Can some one help me configue NTP with out the key-id information.
Unfortunately 5.1(8)E3 is pretty old and doesn't support unauthenticated ntp.
The 5.1 train has been End Of Saled, and is quickly approaching End Of Life/ End Of Signature Support:
Last date for Signatures for the 5.1 version is Oct 24th of this year.
So you only have around 4 months left before you would be forced to upgrade to 6.0 in order to continue getting signature updates.
The 4215 is also End Of Saled, but it's End Of Signature Support is not until July 29th 2011.
Version 6.0 is the last version to support the IDS-4215, so Signature Updates for 6.0 for the IDS-4215 will continue until at least July 29th 2011.
So if you upgrade to 6.0 now, you will still have 2 more years of signature updates before you need to purchase a new sensor.
The 6.0(5)E3 version does support the unauthenticated ntp option.
So you will want to plan an upgrade to 6.0 sometime in the next 4 months.
In the meantime you will need to use key authenticated ntp.
If you have access to a router you could try using the router as a temporary inbetween server.
The router would be configured to get its time for your existing ntp server. Talk to your network administrator on how to set this up.
Then configure the router to also be an ntp server with an authenitcated key.
Here is a section of the CLI Guide explaining how to setup the router as a key authenticated ntp server:
The sensor would be configured to use the router as the ntp server using that key.
This would be a temporary workaround until you can get upgraded to 6.0.