Cisco Support Community
Community Member

IDS to router telnet connection for blocking

I have an IDS-4210 installed in conjunction with CSPM and have set up my blocking device, which is a 2620 router. After testing a manual block and then checking the router for the access-list statement, we determined that the connection was not being maintained by the sensor, even though the router shows a telnet connection from the sensor. After working with the local Cisco Engineer and running nrgetbulk with NetDeviceStatus and NetDevice, the output shows that the connection does not stay active - it only shows Login_sent. I have the correct telnet password, enable password, and username in CSPM, the sensor shows this information also, and I have rechecked my sysconfig-sensor settings and all is correct. Is there something I'm missing in regards to the sensor to maintain the active telnet state for blocking?

4 REPLIES
Cisco Employee

Re: IDS to router telnet connection for blocking

What version of software is running on the 4210? There was a bug in the 2.5(X)SX version that exhibited the behavior that you describe. It was fixed in 3.0(1).

Community Member

Re: IDS to router telnet connection for blocking

I'm running 3.0(1) - just upgraded it.

Cisco Employee

Re: IDS to router telnet connection for blocking

Please email your router config and the managed.conf file to kleem@cisco.com and we'll take a look at it.

Community Member

Re: IDS to router telnet connection for blocking

I have sent this to kleem and await your advice - thanks for taking a look at this.
