Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cannot browse to IPS

Hi all,

I have some issues about IPS-4260 appliance with management. I used Cisco IPS Event Viewer 5.2 but no activity was shown to it and i cannot browse to IPS box through Https. i tried to reload box but issues still occured.

Please give me an idea to check or fix this case.

Thanks!!

6 REPLIES
Cisco Employee

Re: Cannot browse to IPS

Can you access the sensor via SSH?  If not, can you get a direct console connection to the sensor?  If so, please ensure you have an appropriate access-list entry configured to allow your host to access the sensor.

Also, IPS Event Viewer (IEV) has been replaced by IPS Manager Express (IME).  IME provides improved event monitoring for current versions of Cisco IPS software (5.1, 6.0, 6.1, 6.2, 7.0) and configuration management for IPS versions 6.1, 6.2 and 7.0.  You may want to consider upgrading.  You can find out more about IME by visiting:

http://www.cisco.com/go/ime

Scott

New Member

Re: Cannot browse to IPS

Hi Scott,

Thanks for reply

Yes, i can shell to the box. However i found that when i issued with 'show health'


Overall Health Status                                                Red
Health Status for  Failed Applications                          Green
Health Status for Signature  Updates                          Yellow
Health Status for License Key  Expiration                     Green
Health Status for Running in Bypass  Mode                  Green
Health Status for Interfaces Being  Down                     Green
Health Status for the Inspection  Load                         Green
Health Status for the Time Since Last Event  Retrieval   Red
Health Status for the Number of Missed Packets           Green
Health Status for the Memory Usage                           Not  Enabled

Security Status for Virtual Sensor vs0                         Green

Please clarify me about the status 'Red', Could it be related to my issues?

Cisco Employee

Re: Cannot browse to IPS

The red status reported for "Health Status  for the Time Since Last Event  Retrieval" indicates a SDEE-based client (IME, CS-MARS, etc) has not contacted the sensor to retrieve events in the configured time period.  As you are running a version of IPS software that supports health metrics, you will need to use IME for your event monitoring as IEV does not support the more recent versions of IPS software.

Another cause for failed event retrieval is an expired TLS certificate on the sensor.  You can check the valid date range for the current TLS certificate by issuing 'show version' on the CLI of the sensor; the TLS certificate details will be listed on the last lineo f the output:

Host Certificate Valid from: 14-Apr-2010 to 14-Apr-2012

Scott

New Member

Re: Cannot browse to IPS

Hi Scott,

This is output of show version, host cert still valid date

Cisco  Intrusion Prevention System, Version 6.1(1)E3

Host:
    Realm Keys          key1.0
Signature  Definition:
    Signature Update    S479.0                    2010-03-19
    Virus Update        V1.4                     2007-03-02
OS  Version:             2.4.30-IDS-smp-bigphys
Platform:                IPS-4260-K9
Sensor up-time is 25 min.
Using 1886916608 out of  4100345856 bytes of available memory (46% usage)
system is using 17.7M out of  29.0M bytes of available disk space (61% usage)
application-data is using  45.3M out of 166.8M bytes of available disk space (29% usage)
boot is  using 40.5M out of 69.5M bytes of available disk space (61%  usage)


MainApp          M-2008_APR_24_19_16    (Release)    2008-04-24T19:49:05-0500   Running
AnalysisEngine    ME-2008_OCT_17_00_32   (Release)   2008-10-17T00:58:23-0500    Running
CLI              M-2008_APR_24_19_16    (Release)    2008-04-24T19:49:05-0500


Upgrade History:

*  IPS-sig-S476-req-E3       07:07:30 UTC Wed Mar 10 2010
   IPS-sig-S479-req-E3.pkg   07:07:17 UTC Sun Apr 11 2010

Recovery Partition Version 1.1 -  6.1(1)E2

Host Certificate Valid from: 13-Jul-2008 to  14-Jul-2010

Do you have any an idea to check or verify to get me to access through the box via https?

Cisco Employee

Re: Cannot browse to IPS

Can you connect to the sensor's IDM interface?

https://

If you are using IPS Event Viewer (IEV) as previously indicated, it cannot monitor IPS version 6.1 and higher.  You need to use IPS Manager Express (IME).

Also, IPS release 6.1(1)E3 is no longer receiving signature updates or software maintenance support:

http://www.cisco.com/en/US/partner/prod/collateral/vpndevc/ps5729/ps5713/ps2113/end_of_life_notice_c51-543022.html

You should consider upgrading your sensor to at least version 6.2(2)E4, if not 7.0(2)E4 (which adds a feature for global correlation and reputation scoring of potentially malicious IP addresses).

Scott

New Member

Cannot browse to IPS

i have the same issue and after install compatible version of IPS Manager Express issue resolved.

Thanks for the help..

1353
Views
10
Helpful
6
Replies