Cisco IPS-4255-K9 Installation Guide - Page 306
Correcting a Miscon d Access List, Step 6
UPC - 746320951096
View all Cisco IPS-4255-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 306 highlights
Troubleshooting the Appliance Chapter A Troubleshooting Step 6 Step 7 Add a permit entry for the workstation network address, save the configuration, and try to connect again. Make sure the network configuration allows the workstation to connect to the sensor. If the sensor is protected behind a firewall and the workstation is in front of the firewall, make sure the firewall is configured to allow the workstation to access the sensor. Or if the workstation is behind a firewall that is performing network address translation on the workstation IP address, and the sensor is in front of the firewall, make sure that the sensor access list contains a permit entry for the workstation translated address. For More Information • For the procedures for changing the IP address, changing the access list, and enabling and disabling Telnet , refer to Configuring Network Settings. • For the various ways to open a CLI session directly on the sensor, see Chapter 9, "Logging In to the Sensor." Correcting a Misconfigured Access List To correct a misconfigured access list, follow these steps: Step 1 Step 2 Step 3 Step 4 Log in to the CLI. View your configuration to see the access list. sensor# show configuration | include access-list access-list 10.0.0.0/8 access-list 64.0.0.0/8 sensor# Verify that the client IP address is listed in the allowed networks. If it is not, add it. sensor# configure terminal sensor(config)# service host sensor(config-hos)# network-settings sensor(config-hos-net)# access-list 171.69.70.0/24 Verify the settings. sensor(config-hos-net)# show settings network-settings host-ip: 10.89.149.238/25,10.89.149.254 default: 10.1.9.201/24,10.1.9.1 host-name: sensor-238 default: sensor telnet-option: enabled default: disabled access-list (min: 0, max: 512, current: 3 network-address: 10.0.0.0/8 network-address: 64.0.0.0/8 network-address: 171.69.70.0/24 A-28 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01