Cisco Support Community
Bronze

Cisco IDS 4.1 - Problem with RDEP

I've been having a problem with RDEP.

My IDS event collection clients collect alarms from the IDS sensors using RDEP. This is essentially, as I understand it anyway, an argument passed to the sensor via a cgi script to dump the info from the IdsEventStore via HTTPS.

HTTPS is also used to connect to the sensor in order to configure it via IDM. In both cases, the requesting client is authenticated via a username/password pair.

Experience has shown that only one user can be logged into the sensor via HTTPS (SSL/TLS) at any time. So here's the problem:

If my RDEP client is happily collecting data and I use a browser to connect to IDM on the sensor, I receive an error stating "User limit has been reached
The maximum number of allowed users are currently logged in to IDM. Please try again later, or click here to force login." If I force the login, it can be assumed that I'll cause the RDEP client's connection to be severed.

Conversely, if I'm logged into IDM via a browser, my RDEP client will receive the same message and, being automated, will lack the ability to gather IDS alarms until I properly logout of the IDM interface on the sensor.

This functionality is defined somewhere, but I'm not too sure where. Does anyone have any suggestions on how (and if, for that matter) this can be modified to allow a maximum of two logins instead of the default one?

3 REPLIES
New Member

Re: Cisco IDS 4.1 - Problem with RDEP

It seems that you are using an administrator privilege user in your RDEP client. You can create a new viewer privilege user for your RDEP client and this will solve the problem since the IDS only allows 1 administrator login at a time.

Bronze

Re: Cisco IDS 4.1 - Problem with RDEP

Thanks for the reply, however my testing indicates that using a "viewer" privileged user instead of an "administrator" user doesn't change a thing.

No matter what the privilege level of the user logging in, either as an RDEP client or an IDM interactive user, the sensor still only allows one login at a time and will not permit two or more simultaneous logins.

Again, is there any way to change the settings on the sensor to allow more than one authenticated login via SSL/TLS?

Cisco Employee

Re: Cisco IDS 4.1 - Problem with RDEP

I suspect that your client does not support cookies as described in the RDEP specification (available on CCO). If you do not pass back the cookie that the Sensor provides when authentication initially takes place, every subsequent get will cause you to reauthenticate. The server supports a limited number (16) of sessions and so you will rapidly use up the available sessions if you are reauthenticating with every get. The Sensor will reuse the oldest, least used session if a new authentication request comes in.

IDM will use one of these sessions and is vulnerable to being bumped off if all the subscriptions are used. It will not be bumped off by a single RDEP connection. A separate threshold limits the number of users logged into IDM to 1.
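Added example (not from the thread, and not Cisco's RDEP code): a small Python model of the session behaviour the reply describes, to show why a cookie-less RDEP client exhausts the 16 session slots and bumps the IDM login while a cookie-keeping client occupies one slot. The session table, eviction order, cookie name and credentials are assumptions built from the reply, not the RDEP specification.

```python
"""Model of the sensor session table described above (assumed behaviour):
16 slots, a new authentication reuses the oldest session when all are taken,
and a GET that carries a valid cookie reuses its session instead of logging in."""
from collections import OrderedDict
import itertools

MAX_SESSIONS = 16  # limit stated in the reply


class Sensor:
    """Minimal stand-in for the sensor's HTTPS session table."""

    def __init__(self):
        self.sessions = OrderedDict()  # cookie -> owner, least recently used first
        self._ids = itertools.count(1)

    def authenticate(self, owner):
        """Username/password login (credentials omitted); returns a session cookie.
        When every slot is in use, the oldest session is evicted first."""
        if len(self.sessions) >= MAX_SESSIONS:
            self.sessions.popitem(last=False)
        cookie = f"sid={next(self._ids)}"  # constructed cookie name
        self.sessions[cookie] = owner
        return cookie

    def get(self, owner, cookie=None):
        """One RDEP GET: a valid cookie reuses (and refreshes) its session;
        a missing or stale cookie forces a fresh authentication."""
        if cookie in self.sessions:
            self.sessions.move_to_end(cookie)
            return cookie
        return self.authenticate(owner)

    def is_logged_in(self, owner):
        return owner in self.sessions.values()


def poll(sensor, n_gets, keep_cookie):
    """Issue n_gets GETs, either passing the cookie back or discarding it."""
    cookie = None
    for _ in range(n_gets):
        returned = sensor.get("rdep-client", cookie)
        if keep_cookie:
            cookie = returned
    return cookie


def run_scenario(keep_cookie, n_gets=40):
    """Returns (IDM user still logged in?, sessions held by the RDEP client)."""
    sensor = Sensor()
    sensor.authenticate("idm-user")  # interactive IDM login happens first
    poll(sensor, n_gets, keep_cookie)
    rdep_slots = sum(1 for o in sensor.sessions.values() if o == "rdep-client")
    return sensor.is_logged_in("idm-user"), rdep_slots
```

With the cookie discarded, 40 GETs fill all 16 slots with RDEP sessions and evict the IDM login; with the cookie kept, the client holds one slot and IDM stays logged in.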
