I have some issues with management of an IPS-4260 appliance. I used Cisco IPS Event Viewer 5.2, but no activity was shown in it, and I cannot browse to the IPS box through HTTPS. I tried to reload the box, but the issues still occurred.
Can you access the sensor via SSH? If not, can you get a direct console connection to the sensor? If so, please ensure you have an appropriate access-list entry configured to allow your host to access the sensor.
Also, IPS Event Viewer (IEV) has been replaced by IPS Manager Express (IME). IME provides improved event monitoring for current versions of Cisco IPS software (5.1, 6.0, 6.1, 6.2, 7.0) and configuration management for IPS versions 6.1, 6.2 and 7.0. You may want to consider upgrading. You can find out more about IME by visiting:
Yes, I can shell to the box. However, I found this when I issued 'show health':
Overall Health Status Red
Health Status for Failed Applications Green
Health Status for Signature Updates Yellow
Health Status for License Key Expiration Green
Health Status for Running in Bypass Mode Green
Health Status for Interfaces Being Down Green
Health Status for the Inspection Load Green
Health Status for the Time Since Last Event Retrieval Red
Health Status for the Number of Missed Packets Green
Health Status for the Memory Usage Not Enabled
Security Status for Virtual Sensor vs0 Green
Please clarify the status 'Red' for me. Could it be related to my issues?
The red status reported for "Health Status for the Time Since Last Event Retrieval" indicates an SDEE-based client (IME, CS-MARS, etc.) has not contacted the sensor to retrieve events in the configured time period. As you are running a version of IPS software that supports health metrics, you will need to use IME for your event monitoring as IEV does not support the more recent versions of IPS software.
Another cause for failed event retrieval is an expired TLS certificate on the sensor. You can check the valid date range for the current TLS certificate by issuing 'show version' on the CLI of the sensor; the TLS certificate details will be listed on the last line of the output:
Host Certificate Valid from: 14-Apr-2010 to 14-Apr-2012
This is the output of 'show version'; the host cert is still within its valid dates.
Cisco Intrusion Prevention System, Version 6.1(1)E3
Host:
    Realm Keys key1.0
Signature Definition:
    Signature Update S479.0 2010-03-19
    Virus Update V1.4 2007-03-02
OS Version: 2.4.30-IDS-smp-bigphys
Platform: IPS-4260-K9
Sensor up-time is 25 min.
Using 1886916608 out of 4100345856 bytes of available memory (46% usage)
system is using 17.7M out of 29.0M bytes of available disk space (61% usage)
application-data is using 45.3M out of 166.8M bytes of available disk space (29% usage)
boot is using 40.5M out of 69.5M bytes of available disk space (61% usage)
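
Added example (not part of the original thread and not Cisco code): a small Python triage helper that applies the two checks discussed above to saved CLI text, listing the non-green 'show health' metrics and classifying the host certificate dates from 'show version'. The sample input is constructed from the output quoted in this thread; the function names and the 30-day warning window are assumptions.

```python
import re
from datetime import date, datetime

# Constructed sample input, modelled on the CLI output quoted in this thread.
SHOW_HEALTH = """\
Overall Health Status Red
Health Status for Failed Applications Green
Health Status for Signature Updates Yellow
Health Status for the Time Since Last Event Retrieval Red
Health Status for the Memory Usage Not Enabled
Security Status for Virtual Sensor vs0 Green
"""
CERT_LINE = "Host Certificate Valid from: 14-Apr-2010 to 14-Apr-2012"

# The status is the last token(s) on the line; "Not Enabled" is two words.
STATUS_RE = re.compile(r"^(?P<metric>.+?)\s+(?P<status>Green|Yellow|Red|Not Enabled)\s*$")
CERT_RE = re.compile(r"Host Certificate Valid from:\s*(\S+)\s+to\s+(\S+)")


def parse_health(text):
    """Return {metric: status} for every recognised status line."""
    result = {}
    for line in text.splitlines():
        m = STATUS_RE.match(line.strip())
        if m:
            result[m.group("metric")] = m.group("status")
    return result


def degraded(health):
    """Metrics that are Yellow or Red, excluding the roll-up 'Overall' line."""
    return {k: v for k, v in health.items()
            if v in ("Yellow", "Red") and not k.startswith("Overall")}


def cert_state(version_text, today, warn_days=30):
    """Classify the host certificate: ok, expiring, expired, not-yet-valid, unknown."""
    m = CERT_RE.search(version_text)
    if not m:
        return "unknown"  # line missing, e.g. truncated output
    start, end = (datetime.strptime(d, "%d-%b-%Y").date() for d in m.groups())
    if today < start:
        return "not-yet-valid"  # often a wrong sensor clock
    if today > end:
        return "expired"
    return "expiring" if (end - today).days <= warn_days else "ok"


if __name__ == "__main__":
    print(degraded(parse_health(SHOW_HEALTH)))
    print(cert_state(CERT_LINE, date.today()))
```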