After I set up a Cisco 4240 IPS, I tried to access the appliance's IDM web portal. Unfortunately it would not connect. I read through all the troubleshooting documents and even read through these forums, and none of the proposed solutions worked. The connecting computer and the IPS are on the same LAN, so it's not a connection problem. The following is the output of the show version command:
Cisco Systems Intrusion Detection Sensor, Version 4.1(5)S225
OS Version 2.4.18-5smpbigphys
Using 647368704 out of 921522176 bytes of available memory (70% usage)
Using 5.2G out of 15G bytes of available disk space (37% usage)
IDS-sig-4.1-5-S225.rpm.pkg 11:01:08 UTC Tue May 09 2006
Recovery Partition Version 1.2 - 4.1(1)S47
The webserver is running. I did a packet capture when connecting to the IDM and I saw that the browser connects to the server. The browser then tries to set up the SSL connection by sending a Client Hello. The IDM webserver sends back an acknowledgement followed by a TCP reset. So for some odd reason the IDM webserver sends a TCP reset during the SSL connection creation phase. I don't know how to fix that on the IPS.
The interface configured as the (reset) interface should connect to the same network (VLAN, etc.) as the interface used for monitoring. Sounds like you have the (reset) interface configured on the management interface. The management interface is the one you used to access with the web browser.
1) Are you using the correct web server port and using SSL/TLS?
By default the sensor is configured with SSL/TLS enabled, with the webserver running on port 443.
In the web browser you will use "https://" as the URL. Note the "s" after http. When "https" is used it will use SSL/TLS and connect to the default port 443.
2) Is your web client's IP address in the sensor's access list? (Use the "setup" command to modify the access list.)
Either the web client's network range or the client's individual IP address must be in the access list in order to be allowed to connect to the web server.
If you are entering just the client's IP address and not the entire subnet, then do NOT use the normal netmask; instead use /32 (or 255.255.255.255) to designate it as a single IP.
Let's say your web client has IP 10.1.1.1 on the 10.1.1.0 network.
You could permit the entire 10.1.1.0 network by putting 10.1.1.0 255.255.255.0 (/24) in the access list.
OR you could permit just the 10.1.1.1 address by putting 10.1.1.1 255.255.255.255 (/32) in the access list.
BUT if you put 10.1.1.1 255.255.255.0 (/24) in the access list, then the sensor gets confused and will not permit you to access the sensor. (Version 4.x gets confused; in version 5.x it gives you an error and won't accept the entry.)
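The access-list pitfall described in this answer (a host address paired with a subnet mask, which a 4.x sensor silently rejects) can be caught before the entry is typed into "setup". The following is an added example, not code from this thread or from Cisco; the sample entries are constructed, and it treats any entry with host bits set under its mask as not granting access, matching the 4.x behaviour described above.

```python
import ipaddress

# Constructed sample entries in the "ip mask" form the sensor's setup
# command takes; "ip/prefix" shorthand is accepted too. Hypothetical values.
SAMPLE_ACCESS_LIST = [
    "10.1.1.0 255.255.255.0",    # whole 10.1.1.0/24: well-formed
    "10.1.1.1 255.255.255.255",  # single host as /32: well-formed
    "10.1.1.1 255.255.255.0",    # host address with a /24 mask: ambiguous
]


def check_entry(entry):
    """Parse one access-list entry and return (network, problem).

    problem is None when the address is the network address under the
    given mask (or the mask is /32); otherwise it explains the fix.
    """
    if "/" in entry:
        iface = ipaddress.IPv4Interface(entry.strip())
    else:
        ip_str, mask_str = entry.split()
        iface = ipaddress.IPv4Interface(f"{ip_str}/{mask_str}")
    net = iface.network
    if iface.ip != net.network_address:
        problem = (f"{iface.ip} has host bits set under {net.netmask}: "
                   f"use {iface.ip} 255.255.255.255 for a single host or "
                   f"{net.network_address} {net.netmask} for the subnet")
        return net, problem
    return net, None


def client_permitted(client_ip, access_list):
    """True only if client_ip falls inside a well-formed entry."""
    addr = ipaddress.IPv4Address(client_ip)
    for entry in access_list:
        net, problem = check_entry(entry)
        if problem is None and addr in net:
            return True
    return False


if __name__ == "__main__":
    for entry in SAMPLE_ACCESS_LIST:
        net, problem = check_entry(entry)
        print(f"{entry:28} -> {net}  {problem or 'OK'}")
    print("10.1.1.1 permitted:", client_permitted("10.1.1.1", SAMPLE_ACCESS_LIST))
```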