I have a question about the procedure for application partition recovery for the IDSM2 under 4.1.
The document Cisco IDS Appl & Module Inst & Conf quide 4.1 (78-15597-01) on page 9-80 & 9-81 lists procedures for CatOS and native IOS. In Step 6 under IOS, it shows UPGRADE FTP ... -install
Is the "-install" correct, or it is a typo in the doc? There's no -install flag in the CatOS example, and it's not clear why a sensor command should depend on the OS running in the 6500. The 4.1 Cmd Ref doesn't seem to document a -install switch, and the syntax in the Config Guide doesn't seem to be UNIX syntax (switch after operand).
The MP is a similar image for different service modules (the IDSM2,the NAM2, the FWSM, etc..)
Each module development team has tweaked the base code to work specific their module.
For some of the other modules they have a difference between factory installs and default installations.
Like the erasing of some pieces of configuration with the factory method that the default method leaves in place.
The IDSM2, however, does not have any difference between the 2. The factory should operate the exact same as the default.
The IDSM2 does not save any configuration on re-images. So just to be consistent with those modules that do we go ahead and tell users to use the "--install" option.
We have concentrated our testing on ensuring that the "--install" option to do factory installs works correctly, and that is what I would encourage you to use as well.
The default should work and run the exact same code as the factory install, but we just don't use it on a regular basis.
SIDE NOTE: You should only be running the upgrade command on the MP when you want to re-image the AP back to default settings. If you are just upgrading the AP from 4.0 to 4.1 then upgrade the MP to 1.3.2, and then while still in the AP upgrade the AP through it's own upgrade command using the 4.1 upgrade file (the -min- file, instead of the -a- file).
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...