Sorry for the problems with VMS at the moment. Any reason you cannot wipe out the VMS installation, re-install, and then re-import the sensor settings from the sensor itself? I usually think about the sensor as my backup for the settings I have. IDS MC should pick right back up where you left off. Just a thought.
Yes, that is the idea I'm pursuing. The problem seems to be that the sensor settings (filters, remote hosts et al.) are not being imported by the MC. It appears that the sensor is being literally *reset* to a clean state.
Do you know if I need to install SSH keys or if there could be something preventing my configuration data from being imported?
I have a test server and I'm going to try importing the sensor without first doing a sysconfig-sensor... perhaps that's it.
I appreciate your feedback and hope I can return the favor sometime.
OK, here's the deal. I got through to the Cisco TAC and the recommendation was to NOT upgrade but install ONLY VMS 2.2 and IDS MC 1.2 w/ SECMON 1.2.
It seems the conversion process can be fraught with possible glitches :( as I've seen.
It seemed to work and the (one) sensor I've imported retained its filters and settings (I tested by importing it to a backup, test server).
When attempting to import the sensor, the MC states that it doesn't recognize the version, so I'll probably have to import a new sensor and upgrade it step by step until the MC detects it's at s50 (sheesh, that's a lotta work). There should be a way to just upgrade it in one swoop.
Anyways, thanks for the feedback. I'll keep you posted on the upgrade.
I think I am the one in TAC that was talking to you yesterday ;)
Glad to hear the import worked for you. As for the not recognizing the version message, make sure you have the exact same sig update applied to IDS MC that you have on the sensor. Do not assume that just because you have a later sig level on IDS MC that it will "know" about the earlier signature updates on the sensor.
I had to upgrade the management console a step at a time from 3.1.s31, and after I got it to s45 it recognized the sensor (which was also at s45, doh).
Also at first the sensor didn't import correctly because I ran sysconfig-sensor and changed the mc setting thinking it had to be reporting to the other (test server) console to work. It turns out it will import correctly no matter what info is recorded via sysconfig-sensor.
So I got everything rebuilt and sensors re-imported and configured in a fraction of the time. Now we are detecting the MSBlaster scans at a record rate!
I uninstalled everything and only installed VMS 2.2 with IDSMC & SECMON 1.2 with CSA. No Integration Utility or CiscoView.
I really like what they did with the SECMON Event Viewer. A while back, I participated in the Beta survey and sent in a ton of improvement suggestions and they actually listened!
It's mucho better and even retains the custom column settings in the event viewer now.