04-26-2007 01:22 AM - edited 03-10-2019 03:34 AM
We have installed a 4150 SX Cisco Intrusion Prevention System, Version 5.1(2)S240.0 sensor using vlan pairs.
The problem that we are experiencing is that when the Cisco vpn client is installed on Microsoft Vista, the IPS causes the IPSec tunnel to be broken shortly after the connection is made to the vpn3000 concentrator.
With widows xp and the same vpn client, we have no problem like this.
Is anyone aware of any problems relating to vista, the IPS and vpn client?
04-26-2007 08:59 AM
Problems like this are generally because of the Normalizer.
The Normalizer has been modified since 5.1(2) to account for other situations.
Those changes since 5.1(2) may or may not have addressed this issue.
I would recommend upgrading to 5.1(5)E1:
IPS-K9-5.1-5-E1.pkg
http://www.cisco.com/cgi-bin/tablebuild.pl/ips5
Then trying your test again.
If the problem goes away then one of the Normalizer changes likely addressed the issue.
If the problem remains, then you might consider contacting the TAC.
The development team would need a copy of your configuration and traffic traces of the problem traffic in order to try and diagnose the issue.
04-27-2007 12:02 AM
the patch is for IPS Service Pack for IPS-4260 Sensor Platform.
can it be used on a 4250-SX. does the sensor have to have a valid licence in order to apply the fix.
04-27-2007 10:52 AM
There are 2 upgrade files for 5.1(5)E1:
IPS-4260-K9-5.1-5-E1.pkg
and
IPS-K9-5.1-5-E1.pkg
The first is only for the IPS-4260, and the second will work on all other Cisco IPS platforms.
Technically a service contract is required for the download and installation of any software updates.
However, the service contract requirement is not enforced with a license for Major Upgrades, Minor Upgrades, or Service Packs.
So the software won't prevent the installation if you don't have a license. But you should legally only install them if your have purchased the service contract.
The service contract is enforced by a license for Signature Updates and Engine Updates.
In your situation if you do not currently have a license, but do intend on purchasing a service contract, then go ahead and download and install the 5.1(5)E1 upgrade package and start your process for purchasing the service contract.
In the mean time you can also go ahead and request a Trial license for your sensor if you have not already done so.
This will allow you to bring your sensor up to date while you go through the purchasing process for your service contract.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: