Cisco Support Community

New Member

Problem with discovery of an IPS 6.x device

I'm having a problem with discovery of an IPS 4240 running 6.1(1)E1 device on a MARS 20 running 4.3.2. The "Test Connectivity" function returns the following error:

PN-0001:PnLogger message map not initialized

along with a suggestion to verify access by running telnet to port 443 from the MARS CLI (which I've done and it works just fine). I'm receiving events from the IPS just fine, but have an incomplete topology map because of the failed discovery.

I suspected it might have been a certificate validation issue and have regenerated the cert on the IPS and manually validated the new fingerprint on the MARS, and I've tried setting the "name" of the IPS device on the MARS to match the subject of the cert (which seems to be the IP address of the IPS rather than its hostname) to no avail.

Any troubleshooting tips appreciated.

8 REPLIES

Re: Problem with discovery of an IPS 6.x device

Try the following:

Configuration >> Sensor Setup >> Certificates >> Trusted Hosts >> Add

Add the MARS finger-print there.

Command Line is "tls trusted-host" I think.

Also make sure the MARS box is in the:

Configuration >> Sensor Setup >> Allowed Hosts

A simple way to check this is that the MARS can ping the IPS.

The last option would be to run a detailed log I guess.

Regards

Farrukh

New Member

Re: Problem with discovery of an IPS 6.x device

The MARS box was already in the Allowed Hosts, but it's now a Trusted Host as well. Discovery still fails with the same error.

If I run a tcpdump from the MARS I can actually see the TCP connection come up between the MARS and IPS, exchange data, then go away gracefully.

Is there any way I can get more detailed information out of the MARS? I've set logging on the "discovery" service to TRACE level but it gives me nothing new. I also can't see anything useful in a diagnostic report on the IPS.

Thanks for your help so far.

Re: Problem with discovery of an IPS 6.x device

Could it be a support issue?

This is the reason why I did not upgrade to 6.1.x on any of our clients. Officially the support is only till 6.0.x.

Have a look at this:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/4.3/compatibility/local_controller/dtlc43x.html

Regards

Farrukh

New Member

Re: Problem with discovery of an IPS 6.x device

Ah, I hadn't realised MARS 4.3 didn't support IPS 6.1. It could well be a support issue. Thanks for the link.

It would be nice to see a more definitive error message from something, though.

Might need to look at downgrading the IPS.

Re: Problem with discovery of an IPS 6.x device

Ok let us know how it goes :)

Regards

Farrukh

Re: Problem with discovery of an IPS 6.x device

It seems the bug you are facing is a cosmetic one only. Just add the 6.1 sensor and it should work. Have a look at:

http://blog.crimsonsilo.com/2008/05/ips-61-cs-mars-534-issue/

Please rate helpful posts.

Regards

Farrukh

New Member

Re: Problem with discovery of an IPS 6.x device

Thanks, Farrukh, your help has been invaluable.

I looked up the bug id from the blog post (CSCsq07003) in the bug toolkit and there's a workaround to fix the failing connectivity test too.

edit - Hmm.. now that I've rated your post I seem to have missed the chance to flag it as resolving the issue. Doh.

Re: Problem with discovery of an IPS 6.x device

No problem with that :)

The important thing is that you have it working now (or will do soon)

Regards

Farrukh
