IPS vista, and cisco vpn client

darin.marais
Level 4

We have installed a 4150 SX Cisco Intrusion Prevention System, Version 5.1(2)S240.0 sensor using vlan pairs.

The problem that we are experiencing is that when the Cisco vpn client is installed on Microsoft Vista, the IPS causes the IPSec tunnel to be broken shortly after the connection is made to the vpn3000 concentrator.

With Windows XP and the same VPN client, we have no problem like this.

Is anyone aware of any problems relating to Vista, the IPS and the VPN client?

3 Replies

marcabal
Cisco Employee

Problems like this are generally because of the Normalizer.

The Normalizer has been modified since 5.1(2) to account for other situations.

Those changes since 5.1(2) may or may not have addressed this issue.

I would recommend upgrading to 5.1(5)E1:

IPS-K9-5.1-5-E1.pkg

http://www.cisco.com/cgi-bin/tablebuild.pl/ips5

Then trying your test again.

If the problem goes away then one of the Normalizer changes likely addressed the issue.

If the problem remains, then you might consider contacting the TAC.

The development team would need a copy of your configuration and traffic traces of the problem traffic in order to try and diagnose the issue.

The patch is for IPS Service Pack for IPS-4260 Sensor Platform.

Can it be used on a 4250-SX? Does the sensor have to have a valid licence in order to apply the fix?

There are 2 upgrade files for 5.1(5)E1:

IPS-4260-K9-5.1-5-E1.pkg

and

IPS-K9-5.1-5-E1.pkg

The first is only for the IPS-4260, and the second will work on all other Cisco IPS platforms.

Technically a service contract is required for the download and installation of any software updates.

However, the service contract requirement is not enforced with a license for Major Upgrades, Minor Upgrades, or Service Packs.

So the software won't prevent the installation if you don't have a license. But you should legally only install them if you have purchased the service contract.

The service contract is enforced by a license for Signature Updates and Engine Updates.

In your situation if you do not currently have a license, but do intend on purchasing a service contract, then go ahead and download and install the 5.1(5)E1 upgrade package and start your process for purchasing the service contract.

In the meantime you can also go ahead and request a Trial license for your sensor if you have not already done so.

This will allow you to bring your sensor up to date while you go through the purchasing process for your service contract.
