Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

NEW IDS MC user-Protected networks setting?

We are just starting to use the IDS MC and have setup a few sensors, upgraded signatures on MC and 4235s and are ready to deploy.

While there is a *Internal Networks" configuration box, there is no familiar "Protected Networks" setting like on the Unix Director allowing you to specify networks to protect.

Does this mean it will inspect all packets on that wire? or is this configuration setting hidden somewhere?

Thanks !

2 REPLIES
New Member

Re: NEW IDS MC user-Protected networks setting?

I guess IDS MC will detect all the packets on that particular wire.

You can refer to the link http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_b/vpnman/vms_2_1/idsmc/install/instpdf.pdf

Hope this will help you to a very great extent.

Cisco Employee

Re: NEW IDS MC user-Protected networks setting?

"Internal" networks and "Protected" networks are the same thing.

Both configure the token: RecordOfInternalAddress in the packetd.conf file.

All that packetd uses this token for is to designate whether the source and destination addresses are IN or OUT with IN being an address in the RecordOfInternalAddress. The IN and OUT keywords can then also be used when creating filters (filters are RecordOfExcludedPattern tokens in packetd.conf). Some users will setup a filter to Excluded all alarms from an OUTside address to an OUTside address so that the sensor in effect only alarms for INside addresses.

So when migrating from Unix Director to IDS MC simply put your Protected Network entries in the Internal Network fields in IDS MC.

79
Views
0
Helpful
2
Replies
CreatePlease to create content