Initial configuration for a IDSM-2

Unanswered Question
Jul 30th, 2009
User Badges:

Hi,


I have configured the IPS Appliance and the IPS module on ASAs... now I need to configure an IDSM-2 on a 6500.

Is it basically the same thing?

I need to configure it as an IDS first, then we will change it to IPS, so I understand that I can use SPAN to send traffic to the module, and configure the interface on the module to monitor the traffic, is this correct?

Is there anything else I should be aware of?

Thank you for any insight!


Federico.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
smalkeric Wed, 08/05/2009 - 14:17
User Badges:
  • Silver, 250 points or more

Configuration Sequence

Perform the following tasks to configure IDSM-2:


1. Configure the Catalyst 6500 series switch for command and control access to IDSM-2.


2. Log in to IDSM-2.


3. Configure the switch to send traffic to be monitored to IDSM-2.

The below URL explains about the configuration of IDSM-2 with 6500 cat switch:

http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_idsm2.html#wp1059935


4. Initialize IDSM-2.


Run the setup command to initialize IDSM-2. During setup, you can configure the interfaces of IDSM-2.


5. Create the service account.


6. Perform the other initial tasks, such as adding users, trusted hosts, and so forth.


7. Configure intrusion prevention.


8. Perform miscellaneous tasks to keep IDSM-2 running smoothly.


9. Upgrade the IPS software with new signature updates and service packs.


10. Reimage the application partition and the maintenance partition when needed.



Actions

This Discussion