503 Views | 5 Helpful | 4 Replies

IDS4.1 update from VMS

cburgarella
Level 1

Hi all,

We implemented a new VMS Server with 4 IDS 4235 ver.4.1.

VMS is 2.2 with latest service packs installed.

The sensors were imported in VMS when the version was 4.1(3).74.

Then I developed some filters, signatures and internal networks on one of them, saved and copied the config to the other, and deployed.

One of them is failing to get updated, and the others don't get any configuration from the IDS manager;

the one that is failing the update returns the following error:

IDS1(config)# tls trusted-host ip-address 10.10.10.10 port 443

Error: socket connect failed [4,110]

what is happening?

4 Replies

marcabal
Cisco Employee

The "tls trusted-host ip-address" command tells the sensor to establish an HTTPS connection back to that HTTPS server and pull down its SSL/TLS certificate.

In your case the IDS MC is executing this command so that the sensor will be able to connect back to the HTTPS server of the IDS MC box.

This is because for updates the IDS MC does not push the update to the sensor, instead it tells the sensor to connect back to the HTTPS port of the IDS MC and have the sensor get the update.

This means for the IDS MC to be able to update the sensor your network needs to allow HTTPS and SSH connections to the sensor from the IDS MC, as well as, an HTTPS connection from the sensor back to the IDS MC.

If there is a router or firewall between the 2 preventing that HTTPS connection then you will receive that error, or if the IDS MC's address is being NAT'ed or PAT'ed between the 2 then the sensor won't be able to connect to the IDS MC and you will get that error.

The error is stating that the sensor could not connect to the HTTPS port of the IDS MC machine.

I am not sure what is needed on the IDS MC to get it to work in situations where the sensor is not able to connect to the IDS MC.
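A pre-flight check for the three flows the reply above lists, written here as an added example; it is not code from the thread, from the IDS MC or from the sensor. It tests each required TCP flow from the side you run it on, turns the number in a "socket connect failed [x,y]" message into a likely cause, and fetches the MC's certificate the way `tls trusted-host` does. The sensor address is made up, and reading the second bracketed number as the Linux errno from connect(2) (110 = ETIMEDOUT, 111 = ECONNREFUSED) is an assumption, not something the thread confirms.

```python
"""Pre-flight check for the IDS MC <-> sensor update flows.

Added example, not from the Cisco thread or Cisco software. Addresses are
constructed; the errno reading of the bracketed numbers is an assumption.
"""
import errno
import hashlib
import os
import re
import socket
import ssl

IDS_MC = "10.10.10.10"   # address used in the thread; adjust for your site
SENSOR = "10.10.10.20"   # assumed sensor address (constructed for the example)

# (label, source, destination, dport): the flows the reply says must be open.
REQUIRED_FLOWS = [
    ("MC -> sensor HTTPS", IDS_MC, SENSOR, 443),
    ("MC -> sensor SSH", IDS_MC, SENSOR, 22),
    ("sensor -> MC HTTPS (return path used for updates)", SENSOR, IDS_MC, 443),
]

_ERR_RE = re.compile(r"socket connect failed \[(\d+),(\d+)\]")


def tcp_connect(host, port, timeout=5.0):
    """Try a plain TCP connect; return (True, 0) on success or (False, errno)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return True, 0
    except socket.timeout:
        # A silent drop (firewall, black-holed route, NAT with no return
        # mapping) looks like this: no SYN-ACK and no RST ever arrives.
        return False, errno.ETIMEDOUT
    except OSError as exc:
        return False, exc.errno if exc.errno is not None else -1
    finally:
        sock.close()


def explain_errno(err):
    """Map a connect() errno to what it usually means in the MC/sensor picture."""
    if err == errno.ETIMEDOUT:
        return ("no reply at all: a firewall is dropping the flow, the route is "
                "wrong, or the MC address is NAT'ed so the sensor never reaches it")
    if err == errno.ECONNREFUSED:
        return ("host answered but nothing listens on that port: MC web server "
                "down, or NAT/PAT steering the sensor to the wrong machine")
    if err in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "no route to the destination from this side"
    return os.strerror(err)


def parse_sensor_error(line):
    """Parse 'Error: socket connect failed [4,110]' into (code, errno, meaning).

    Assumption: the second number is the errno returned by connect(2).
    """
    m = _ERR_RE.search(line)
    if not m:
        return None
    code, err = int(m.group(1)), int(m.group(2))
    return code, err, explain_errno(err)


def check_flows(run_from, timeout=5.0):
    """Test every required flow whose source is the host this runs on."""
    results = []
    for label, src, dst, port in REQUIRED_FLOWS:
        if src != run_from:
            continue
        ok, err = tcp_connect(dst, port, timeout)
        results.append((label, ok, None if ok else explain_errno(err)))
    return results


def server_cert_fingerprint(host, port=443, timeout=5.0):
    """Do what `tls trusted-host` does: connect, pull the cert, fingerprint it.

    Verification is off on purpose: the aim is to learn the certificate so the
    fingerprint can be compared with the one the MC shows before trusting it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha1(der).hexdigest()


if __name__ == "__main__":
    # The sensor is an appliance, so run this from a host on the sensor's
    # segment to reproduce the sensor's view of the MC.
    print(parse_sensor_error("Error: socket connect failed [4,110]"))
    for label, ok, why in check_flows(SENSOR):
        print(f"{label}: {'OK' if ok else 'FAIL: ' + why}")
```

Run it once from the MC (`check_flows(IDS_MC)`) and once from a box beside the sensor (`check_flows(SENSOR)`); a timeout on the sensor-side run while the MC-side run succeeds is exactly the asymmetric, return-path failure the reply describes.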

Hi,

We are having the same problem of managing a sensor from behind a firewall. The IDS MC address is hidden and we can't set up a TLS connection from the sensor.

A solution would be welcome.

Johan.

Hi,

We have a customer requesting these facts documented somewhere.

Do you know if there exists an official url or document describing these network settings?

Thanks,

Stephen

Ubizen - Security Analyst