New Member

Shunning doesn't work with pix 6.1(4)

I use IDS sensor version 3.1(3)S36 and PIX version 6.1(4), and I am trying to do shunning on the PIX using telnet. But I face the following problem in errors.managed:

12/17/2002 13:32:06UTC E Read error [Operation now in progress] fd [3]

12/17/2002 13:33:11UTC E Comm timeout for [pix_IP]. No recovery action will be taken at this time.

12/17/2002 13:33:57UTC E Comm timeout for [pix_IP]. No recovery action will be taken at this time.

Notes:

- The configuration file managed.conf is correct.

- I can telnet manually (from the command line) from the sensor to the PIX, so there are no communication problems.

- I know this problem is reported for PIX 6.2(1); does it also apply to 6.1(4)?

- In the managed.conf file the configuration is: "NetDevice [pix_IP] PIX [telnet_pass] [enable_pass]"

but when I execute the command "nrgetbulk 10003 hostid orgid 1 NetDevice" on the sensor I get:

"[pix_IP] Cisco [telnet_pass] [enable_pass]"

Does anyone have a solution besides the "use ssh" answer?

3 REPLIES
Cisco Employee

Re: Shunning doesn't work with pix 6.1(4)

You can get a little more detailed diagnostic information by executing the command "nrget 10003 hostid orgid 1 Diagnostic". This will tell you the state of all of the net devices used for shunning.

You can also determine if the CSCdx55215 bug is occurring on your sensor: From the sensor command line, telnet to the PIX. If you see the banner "User Access Authentication", then the bug will occur and you will need to get the nr.managed engineering code for CSCdx55215.

Here is a link, which requires a CCO account, to the beta code:

http://www.cisco.com/cgi-bin/tablebuild.pl/nids

If you download the file, please send me an email (stleary@cisco.com) and I will provide installation instructions.

I am pretty sure that you are seeing this bug because one of the side effects is that the PIX is misreported as a router (i.e. Cisco instead of PIX).
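
The check described in this thread (device configured as PIX in managed.conf but reported as Cisco by nrgetbulk, with Comm timeouts in errors.managed) can be scripted. This is an added example, not part of the original posts or Cisco code; the whitespace-separated field layout, the function names and the sample address and passwords are assumptions built from the lines quoted above.

```python
import re

# Constructed sample inputs, modeled on the lines quoted in this thread.
MANAGED_CONF = "NetDevice 192.0.2.1 PIX tpass epass\n"
NRGETBULK_OUT = "192.0.2.1 Cisco tpass epass\n"
ERRORS_MANAGED = """\
12/17/2002 13:32:06UTC E Read error [Operation now in progress] fd [3]
12/17/2002 13:33:11UTC E Comm timeout for [192.0.2.1]. No recovery action will be taken at this time.
12/17/2002 13:33:57UTC E Comm timeout for [192.0.2.1]. No recovery action will be taken at this time.
"""

def configured_types(conf_text):
    """Map device IP -> type from 'NetDevice <ip> <type> ...' lines (assumed layout)."""
    types = {}
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "NetDevice":
            types[fields[1]] = fields[2]
    return types

def reported_types(bulk_text):
    """Map device IP -> type from '<ip> <type> ...' lines of nrgetbulk output."""
    types = {}
    for line in bulk_text.splitlines():
        fields = line.strip().strip('"').split()
        if len(fields) >= 2:
            types[fields[0]] = fields[1]
    return types

def comm_timeouts(log_text):
    """Count 'Comm timeout for [<ip>]' entries per device."""
    counts = {}
    for ip in re.findall(r"Comm timeout for \[([^\]]+)\]", log_text):
        counts[ip] = counts.get(ip, 0) + 1
    return counts

def suspect_devices(conf_text, bulk_text, log_text):
    """Return (ip, configured, reported, timeouts) for each type mismatch.

    Password fields are parsed past but never returned, so the result
    is safe to paste into a support case.
    """
    reported = reported_types(bulk_text)
    timeouts = comm_timeouts(log_text)
    findings = []
    for ip, want in configured_types(conf_text).items():
        got = reported.get(ip)
        if got is not None and got != want:
            findings.append((ip, want, got, timeouts.get(ip, 0)))
    return findings
```
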

New Member

Re: Shunning doesn't work with pix 6.1(4)

Thanks very much for your reply,

I do get the message "User Access Verification" when I telnet to the PIX; I guess this is the problem. I downloaded the nr.managed engineering code for CSCdx55215. Can you help me with the installation instructions?

Cisco Employee

Re: Shunning doesn't work with pix 6.1(4)

Reply sent via email.
