Man, I hate Java. It sucks. It gets updated due to security issues, and access to the ASA and IPS GUIs breaks. So you have to either stay with the security issues and not upgrade, or lose access to your hardware. It sucks.
That said, it does mean that I can ditch the GUI and learn the IPS CLI better! You know, silver lining and all that jazz.
OK, so the easiest way to get up and running with the IPS is to use the "setup" command. Or you can find this useful command out later, and do it the hard way, like I did, but I got there in the end:
IDS-4240# conf t
IDS-4240(config)# service host
IDS-4240(config-hos)# network-settings
IDS-4240(config-hos-net)# host-ip 10.1.4.155/24,10.1.4.254
IDS-4240(config-hos-net)# telnet-option enab
IDS-4240(config-hos-net)# exit
IDS-4240(config-hos)# show settings
   network-settings
   -----------------------------------------------
      host-ip: 10.1.4.155/24,10.1.4.254 default: 192.168.1.2/24,192.168.1.1
      host-name: IDS-4240 default: sensor
      telnet-option: enabled default: disabled
      access-list (min: 0, max: 512, current: 2)
      -----------------------------------------------
         network-address: 0.0.0.0/0
         -----------------------------------------------
         network-address: 192.168.1.0/24
         -----------------------------------------------
      -----------------------------------------------
      ftp-timeout: 300 seconds
      login-banner-text:
      dns-primary-server
IDS-4240(config-hos)# exit
Apply Changes?[yes]: yes
Warning: DNS or HTTP proxy is required for global correlation inspection and reputation filtering, but no DNS or proxy servers are defined.
IDS-4240(config)#
IDS-4240# ping 10.1.4.254
PING 10.1.4.254 (10.1.4.254): 56 data bytes
64 bytes from 10.1.4.254: icmp_seq=0 ttl=255 time=27.0 ms
64 bytes from 10.1.4.254: icmp_seq=1 ttl=255 time=5.2 ms
IDS-4240#

I needed to add a couple of ACLs, and we do that this way:

IDS-4240(config)# service host
IDS-4240(config-hos)# network-settings
IDS-4240(config-hos-net)# access-list 10.1.20.0/24
IDS-4240(config-hos-net)# access-list 10.1.4.0/24
IDS-4240(config-hos-net)# exit
IDS-4240(config-hos)# exit

If you want to run the IDM (the easy way), then you'll need to create an exception in Java for the http site, then turn off TLS (and props to CZNetlab for the tips):
IDS-4240(config)# service web-server
IDS-4240(config-web)# enable-tls false
IDS-4240(config-web)# port 80
IDS-4240(config-web)# ex
Apply Changes?[yes]: yes
IDS-4240(config)# exit

We lose security, but gain accessibility. But it's a lab, so I guess that's OK. Oh, wait, it's a security exam though.... I won't tell if you won't.
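Between the two sessions above the sensor ends up with telnet enabled, a 0.0.0.0/0 entry in the management access-list, and the IDM web server on plain HTTP. The following is an added example, not code from the original post or from Cisco: it parses a constructed show-settings-style transcript modelled on the outputs above and flags those three weaknesses, plus any management host that the access-list does not cover, so the list can be tightened to the hosts that actually need it instead of being left open. The sample transcript, the function names (parse_settings, audit, run_audit) and the wording of the findings are this example's own assumptions.

```python
"""Audit Cisco IPS management-plane settings from a 'show settings' transcript.

Added example, not code from the original post or from Cisco. The transcript
below is constructed to mirror the settings the post shows; parse_settings(),
audit() and run_audit() are this example's own names.
"""
import ipaddress
import re

# Constructed sample transcript: the host settings from the post, plus the
# web-server settings the post changes, written in show-settings style.
SAMPLE_SETTINGS = """\
network-settings
-----------------------------------------------
   host-ip: 10.1.4.155/24,10.1.4.254 default: 192.168.1.2/24,192.168.1.1
   host-name: IDS-4240 default: sensor
   telnet-option: enabled default: disabled
   access-list (min: 0, max: 512, current: 2)
   -----------------------------------------------
      network-address: 0.0.0.0/0
      -----------------------------------------------
      network-address: 192.168.1.0/24
      -----------------------------------------------
   -----------------------------------------------
   ftp-timeout: 300 seconds
web-server
-----------------------------------------------
   enable-tls: false default: true
   port: 80 default: 443
"""

# "name: value default: value" lines; the default part is optional.
SETTING_RE = re.compile(r"([\w-]+):\s*(.*?)(?:\s+default:.*)?$")
# access-list members appear as "network-address: a.b.c.d/len".
ACL_RE = re.compile(r"network-address:\s*(\S+)")


def parse_settings(text):
    """Return scalar settings as a dict plus the access-list as ip_network objects."""
    settings = {"access-list": []}
    for raw in text.splitlines():
        line = raw.strip()
        acl = ACL_RE.match(line)
        if acl:
            settings["access-list"].append(ipaddress.ip_network(acl.group(1), strict=False))
            continue
        m = SETTING_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def audit(settings, mgmt_hosts):
    """Return findings about weak management-plane settings.

    mgmt_hosts: addresses that legitimately need to reach the sensor. Any host
    not covered by the access-list is reported so the list can be fixed by
    adding that host's network rather than by opening it to 0.0.0.0/0.
    """
    findings = []
    if settings.get("telnet-option") == "enabled":
        findings.append("telnet-option enabled: logins cross the wire in cleartext, use SSH instead")
    if settings.get("enable-tls", "true").lower() == "false":
        findings.append("web-server enable-tls false: IDM credentials and sessions are unencrypted")
    for net in settings["access-list"]:
        if net.prefixlen == 0:
            findings.append(f"access-list {net}: management reachable from any source address")
    for host in mgmt_hosts:
        addr = ipaddress.ip_address(host)
        if not any(addr in net for net in settings["access-list"]):
            findings.append(f"management host {host} is not covered by any access-list entry")
    return findings


def run_audit(text, mgmt_hosts=()):
    """Parse a transcript and audit it in one call."""
    return audit(parse_settings(text), mgmt_hosts)


if __name__ == "__main__":
    for finding in run_audit(SAMPLE_SETTINGS, ["10.1.4.10", "10.1.20.7"]):
        print("FINDING:", finding)
```

To use it against a real sensor, replace SAMPLE_SETTINGS with the pasted output of `show settings` and pass the addresses of the hosts you manage it from; the parser only relies on the "name: value default: value" layout shown in the post, so anything else in the output is ignored.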
Right, so what can we do now? Well, we need to do a few things:
- Set up VLAN-pairs for monitoring
- Set up some custom rules
- Set up a shun-list that can be used by the vWLC
It hangs at 51%, and the pings fail:
IDS-4240# ping 10.1.4.254
PING 10.1.4.254 (10.1.4.254): 56 data bytes
--- 10.1.4.254 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
IDS-4240# ping 10.1.4.1
PING 10.1.4.1 (10.1.4.1): 56 data bytes
--- 10.1.4.1 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
IDS-4240#

Even with doubling the memory, the same issue exists. I still have console access, so I can set up everything I need via the command line, but when it comes to testing it I'll be shit out of luck at the moment, as connectivity will drop.
Other devices are fine though, so it looks very much like it's confined to the IPS.
Well, I am off to the drawing board (and the forum). If anyone has any ideas, please do post them below!
2 comments

Hello,
Getting the same issue. IPS lost connectivity after some time. Any workaround please?
Cheers!

Have not found one so far. Will post an update when I do!