×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

building network topology in CSPM for IDS management??

Unanswered Question
Mar 10th, 2003
User Badges:

I have installed CSPM 2.3.3i and IDS 3.0(5). To set up the network topology in CSPM, i need to begin from the node that allows access to the internet. In my case it is the ISP router for whcih i dont ahve the password adn the ISP also doesn't remember the password. I have the following questions:


1. after the isp router ( coming towards our internal network) is the pix 6.2 installed which is not supported by the cspm 3.0. so is it ok if i start building my network from the catalyst switch which is the next node after the firewall.


2. secondly, if i do password recovery for the router, do i lose the existing configuration. i have never done password recovery before and wud appreciate any tips regarding the same. i intend to follow directions given at:


http://www.cisco.com/en/US/products/hw/routers/ps259/products_password_recovery09186a0080094675.shtml


Thanks in advance!!


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pcrgm1119 Mon, 03/10/2003 - 09:28
User Badges:

So just to clarify, you plug your Internet T1 (or whatever) straight into the PIX? When configuring the topology, which is the key to using this software properly, what is meant by starting at the most upstream point is to have the correct default gateways, i.e. the serial addresses of you ISP. These should define the internet nodes interface. From there you should define your edge router, then your firewall, and any DMZ.'s off the PIX. This is really all you should need to define, as the depth into the network isn't that important for this tool. That's what the CSPM3.0 is for. And the CSPM 3.0 will recognize the PIX OS v6.2. Just update the software the the proper version

vikrantarora Mon, 03/10/2003 - 11:51
User Badges:

The ISP router at our facility directly connects to the pix which further goes upstream to cat 6509 in which ids is installed. ids is in same subnet as the cspm.


From your answer it seems i have to configure either the router or the pix as the starting point. i dont intend to upgrade cspm, so i shud start from the ISP router. After which i should skip firewall and configure cat 6509 as the next enforcement point. please confirm.


And how about the password recovery, do i lose the existing configuration or not?

Actions

This Discussion