Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
412
Views
5
Helpful
5
Replies

NM-CIDS access problem

costin.vilcu
Level 1
Level 1

‎10-13-2006 10:22 AM - edited ‎03-10-2019 03:16 AM

Hi everyone!

I have a NM-CIDS-K9 in a Cisco 3845 Router and i did the exact steps in the documentation to configure it but still i can not access the IDM from LAN or any other interface. I can only access it from the router by telneting to it or by issuing the "service-module ids-sensor x/y session" command.

Any ideas about where do i go wrong?

Thanks!

Labels:
0 Helpful
5 Replies 5

a.kiprawih
Level 7
Level 7

‎10-14-2006 12:26 PM

Can you share the "sh settings" output?

I asumed all basic config, i.e IP, gateway and management ssh/https are correctly set.

What's the network list defined under access-list? Is it default value, or already set/changed to reflect whatever subnet/IP you allowed to? If this is default, change it accordingly.

Also, check whether the web-server settings is correctly configured. Default https is tcp 443 with TLS-enabled, or port 80 (without TLS).

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008045a77c.html#wp1031495

Rgds,

AK

0 Helpful

costin.vilcu
Level 1
Level 1
In response to a.kiprawih

‎10-16-2006 01:55 AM

Hi a.kiprawih,

unfortunatly i don't have access to the config file for the moment, but i permited access on the NM-CIDS to the whole LAN subnet that the router is conected to and also the webserver on the NM-CIDS is enabled on the default 443.

The problem i think is somewhere on the router as either i try to connect on 443 to the router's ip address or to the loopback interface that i configured for the NM-CIDS i get the same SDM interface and not the IDM interface as i expected.

Should i disable the ip http server on the router?

Should i use for management the FastEtherenet interface that is located on the module (Above this fastEthernet it say "Not used")?

thank you,

Costin

0 Helpful

a.kiprawih
Level 7
Level 7
In response to costin.vilcu

‎10-16-2006 02:31 AM

Hi Costin,

Yes, if you already assigned IP (for FastE management port) to the module, then you need to bring it up by connecting it to your hub/switch (use utp-straight cable, or cross-over cable if you connect direct to pc).

You should be able to ping the IDS module IP from router or any permitted station(s) in your network.

I did experienced the same issue when I first got the router+IDS. I was in puzzled on why I couldn't access the IDS, not until I hook the port to a switch.

I think that's the same reason why you can't access the module. And if you access your router via web interface(SDM), you should be able to jump to the IDS module now and get access to it. Or, use https to access it directly (https://x.x.x.x) from your workstation.

http://www.cisco.com/en/US/products/hw/modules/ps2797/products_module_installation_guide_chapter09186a00801a0130.html

Let the http server service running on the router, as this is meant for SDM. Otherwise, you wouldn't be able to access the box via web browser.

Give it a try. I believed your IDS should be ok now.

Rgds,

AK

costin.vilcu
Level 1
Level 1
In response to a.kiprawih

‎10-16-2006 03:16 AM

Thanks again,

i think this will solve it.

I was confused by the fact that above that port it is written "Not used" or something like that.

Costin

0 Helpful

a.kiprawih
Level 7
Level 7
In response to costin.vilcu

‎10-16-2006 04:31 PM

Good to hear that. Bring up the interface & test the operation & connectivity.

Pls rate all useful post(s)

rgds,

AK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card