Cisco Support Community

New Member

AIM-IPS-K9 Laboratories


I am doing practice laboratories.

I have an AIM-IPS-K9 module in a 2811 router and I have configured the interfaces as the link says:

I want to know if I can manage the IPS through the GUI. If it's possible, then how can I get into the module's GUI, because I can't ping the module (from inside the module I can ping everything).

I can get into SDM on the router, but I think that the IPS option in SDM is for managing IOS IPS and not the module. Is that true?

I think that I can't ping the module's IP address because it works like a firewall, so how can I get into the module?

Thanks a lot

Cisco Employee

Re: AIM-IPS-K9 Laboratories

2 main things:

1) You have not configured an access-list on your AIM-IPS. With the default configuration the AIM-IPS will not allow any remote connections.

You will need to session to the AIM-IPS and run the "setup" command. One of the options in "setup" is to modify the access-list. You will need to add in the IP address (or entire network) for the box where you want to run IDM.

2) Your route statement in the router config is using the wrong address.

"ip route IDS-Sensor0/1"

should be:

"ip route IDS-Sensor0/1"

Notice the difference in and between the 2 commands.

Once you've made these changes, then try your ping test again. If the ping works, then next try an ssh connection to the sensor.

If both of these are working, then try browsing to the sensor "" and you should be able to start up IDM for managing the sensor.

NOTE: Once you get IDM running, then you might consider downloading and installing IME. IME has the same configuration capability of IDM, but also has monitoring capability that IDM does not have.

From a monitoring perspective there are some additional things you need to know.

1) When you run "setup" you will be given the option for modifying the virtual sensors. You want to choose "yes", and you will want to add the GigabitEthernet0/1 interfaces to virtual sensor vs0 for monitoring.

Without this setting the packets might get to the AIM-IPS but the AIM-IPS will not do any analysis on them.

2) To best test the AIM-IPS's monitoring capability you really need packets to flow Through the router.

So I would recommend enabling the FastEthernet0/1 interface of your router and giving it an address on a new network ( maybe for the network and as the router's address).

Then connect a new machine to this router's interface and give it an IP on that new network ( maybe).

You will need to be sure that routes for this new network are properly configured for the machines in your network.

Now send traffic between a machine on the network and the new machines on the network. That traffic will be routed through the router, and if matched by the access-list 101 it should be sent to the AIM-IPS for inline monitoring.

You can run "packet display GigabitEthernet0/1" on the AIM-IPS to see what traffic is being sent to the AIM-IPS by the router for monitoring.

Now that you have traffic going through the router and being monitored by the AIM-IPS you can proceed with trying to generate attack traffic that the AIM-IPS should alert on and possibly deny.
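
A check for the two causes named in the answer above (sensor access-list and router route), as an added example that is not part of the original thread and not Cisco code. It assumes the static route out of IDS-Sensor0/1 is meant to cover the module's own management address; the config text, all addresses and the function name `check_management_path` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data using documentation addresses, not values from the thread.
ROUTER_CONFIG = """\
interface IDS-Sensor0/1
 ip unnumbered Loopback0
 service-module ip address 192.0.2.10 255.255.255.0
 service-module ip default-gateway 192.0.2.1
!
ip route 192.0.2.11 255.255.255.255 IDS-Sensor0/1
"""
SENSOR_ACL = ["198.51.100.0/24"]  # entries added through "setup" on the sensor
IDM_HOST = "203.0.113.25"         # workstation that will run IDM


def check_management_path(router_config, sensor_acl, idm_host, intf="IDS-Sensor0/1"):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    m = re.search(r"^\s*service-module ip address (\S+) \S+", router_config, re.M)
    if not m:
        return ["no 'service-module ip address' line found"]
    sensor_ip = ipaddress.ip_address(m.group(1))

    # Check 1 (assumption): a static route out of the sensor interface
    # must cover the sensor's management address.
    routes = re.findall(
        r"^ip route (\S+) (\S+) " + re.escape(intf) + r"\s*$", router_config, re.M)
    nets = [ipaddress.ip_network(f"{dst}/{mask}", strict=False) for dst, mask in routes]
    if not any(sensor_ip in n for n in nets):
        findings.append(f"no 'ip route ... {intf}' covers sensor address {sensor_ip}")

    # Check 2: the sensor access-list must include the IDM workstation,
    # otherwise the sensor refuses the remote connection.
    host = ipaddress.ip_address(idm_host)
    if not any(host in ipaddress.ip_network(e, strict=False) for e in sensor_acl):
        findings.append(f"sensor access-list does not permit {host}")
    return findings


if __name__ == "__main__":
    for finding in check_management_path(ROUTER_CONFIG, SENSOR_ACL, IDM_HOST):
        print("FINDING:", finding)
```
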