cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
537
Views
0
Helpful
2
Replies

Cat6000 IDS module and CSPM 2.3i

cobrien
Level 1
Level 1

Unable to establish communication b/w IDS module and CSPM server. Able to ping b/w the two however. Have all correct parameters in IDS module and server. Any clues as to where to look?

2 Replies 2

netanalyze
Level 1
Level 1

If there is a Firewall involved between CSPM and IDS are you letting through port 45000 (post office for CSPM/IDS) not POP?

typical communication problems:

1) Mispellings/Misnumbering when defining netwokring parameters.

Execute "show conf' on the module and check each of these values very carefully with the vlaues for the CSPM machine.

For the CPSM hostid, origid, hostname, and orgname check the hosts file under the etc directory under the directory for postoffice.

2) As "netanalyze" has stated, Firewalls could be preventing communication.

3) Be sure duplicate ips are not being seen. If using IDSMv3.0 then you can configure it to allow a telnet directly from the CSPM box address. Telnet from the CSPM box to the IDSM and ensure that you are connecting to the IDSM, and another box with the ame address.

4) Ensure that all necessary daemons are running.

Run show con on the module and ensure that all of the daemons are listed as running.

Use Task Manager on the CSPM box to ensure that at least postofficed is running.

5) Ensure that the UDP traffic is not being fragmented. Use a sniffer to analyze the traffic between the module and CSPM. Ensure that UDP packets on port 45000 are going back and forth between the two. Also verify that they are not being fragmented. There have been issue with the fragmented UDP packets not being put back together properly by postofficed.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: