Cisco IPS-4255-K9 Installation Guide - Page 321
Verifying the Interfaces and Directions on the Network Device
UPC - 746320951096
View all Cisco IPS-4255-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 321 highlights
Chapter A Troubleshooting Troubleshooting the Appliance For More Information For the procedure for verifying the interfaces and directions for each network device, see Verifying the Interfaces and Directions on the Network Device, page A-43. Verifying the Interfaces and Directions on the Network Device To verify that each interface and direction on each controlled device is correct, you can send a manual block to a bogus host and then check to see if deny entries exist for the blocked addresses in the ACL of the router. Note To perform a manual block using IDM, choose Monitoring > Sensor Monitoring > Time-Based Actions > Host Blocks. To perform a manual block using IME, choose Configuration > sensor_name > Sensor Monitoring > Time-Based Actions > Host Blocks. To initiate a manual block to a bogus host, follow these steps: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Enter ARC general submode. sensor# configure terminal sensor(config)# service network-access sensor(config-net)# general Start the manual block of the bogus host IP address. sensor(config-net-gen)# block-hosts 10.16.0.0 Exit general submode. sensor(config-net-gen)# exit sensor(config-net)# exit Apply Changes:? [yes]: Press Enter to apply the changes or type no to discard them. Telnet to the router and verify that a deny entry for the blocked address exists in the router ACL. Refer to the router documentation for the procedure. Remove the manual block by repeating Steps 1 through 4 except in Step 2 place no in front of the command. sensor(config-net-gen)# no block-hosts 10.16.0.0 Enabling SSH Connections to the Network Device If you are using SSH-DES or SSH-3DES as the communication protocol for the network device, you must make sure you have enabled it on the device. To enable SSH connections to the network device, follow these steps: Step 1 Step 2 Log in to the CLI. Enter configuration mode: sensor# configure terminal OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-43