User Guide for Cisco IPS Manager 3.0 - Solving Common Problems in IPS MC [Cisco Security Manager]

Table Of Contents

Solving Common Problems in IPS MC

Post-Upgrade Installation Note for IPS MC 2.2 and Security Monitor 2.2

Solving Common Problems in IPS MC

Use static IP addresses for the host or hosts where Management Center for IPS Sensors (IPS MC) is installed, because DHCP is not supported for IPS MC.

If you are having trouble updating your IDS sensor software, see Identifying an NTP Server for a troubleshooting procedure.

If you are having trouble updating your IOS IPS crypto configuration, your tftp server may not be running, or your tftp directory may not have adequate permissions. For possible solutions, see Updating the IOS IPS Crypto Configuration.

If you are having trouble with SSH keys, note the following special case: You cannot use SSH keys with a particular sensor if you want to use that sensor as a master blocking sensor.

If you are entering ACLs in the IPS MC GUI, observe the following notes:

Note Entering an ACL on the IOS IPS Rules page or the IOS IPS Filters page identifies the ACL name or number only; it does not create the ACL. To create the ACL, use the command line on the IOS IPS device that you are configuring. If you enter an ACL name or number and deploy the configuration while no corresponding ACL exists in the router, this command has no effect.

Note Entering an ACL on the IOS IPS Port Mapping page identifies the ACL number only; it does not create the ACL. To create the ACL, use the command line on the IOS IPS device that you are configuring. If you enter an ACL number and deploy the configuration while no corresponding ACL exists in the router, this command has no effect.

If you receive an error message during initial deployment of an IOS IPS device, you may have exceeded the memory available on the IOS IPS device. For more information, see the CSCsa22185 Release Note Enclosure in the Cisco Software Bug Toolkit or in the Release Notes for IPS MC.

If your sensors already have an existing NTP server configuration, observe the following caution:

Caution If your sensors already have an existing NTP server configuration, such as you might have established outside of IPS MC, be certain to identify the NTP server by using the procedure Identifying an NTP Server. Otherwise, your NTP server settings might be lost. We recommend selecting the Global group in that procedure.

Post-Upgrade Installation Note for IPS MC 2.2 and Security Monitor 2.2

This post-upgrade installation note applies when you are upgrading IPS MC 2.1 to IPS MC 2.2 and when you are upgrading Monitoring Center for Security (Security Monitor) 2.1 to Security Monitor 2.2.

This note does not apply if you are performing a new installation rather than an upgrade installation.

During upgrade, your sensors may continue to detect events, but they cannot send them to your server. Because the upgrade can take up to two hours, your sensors may detect many events during that time, and subsequently flood your server after startup. In turn, your system may throttle and possibly even pause the receiver on startup following the upgrade, while all unretrieved events are forwarded from the sensors. As the user, though, you can be assured that events will not be lost during upgrade, except possibly under extreme circumstances.

	User Guide for Cisco IPS Manager 3.0
	Solving Common Problems in IPS MC
User Guide for Cisco IPS Manager 3.0 Preface Introduction Advanced User Interface Design Features Managing Sensors with IPS MC Working with Groups and Sensors Configuring Sensors and Signature Settings Generating, Approving, and Deploying Sensor Configurations Monitoring Sensor Health Using Update Files Administering the System Configuration Administering the Database Reports Moving from the Unix Director or CSPM to IPS MC Solving Common Problems in IPS MC Employing Cisco Secure ACS with IPS MC Index	Download this chapter Solving Common Problems in IPS MC Download the complete book User Guide for Cisco IPS Manager 3.0 (PDF - 3 MB) Table Of Contents Solving Common Problems in IPS MC Post-Upgrade Installation Note for IPS MC 2.2 and Security Monitor 2.2 Solving Common Problems in IPS MC Use static IP addresses for the host or hosts where Management Center for IPS Sensors (IPS MC) is installed, because DHCP is not supported for IPS MC. If you are having trouble updating your IDS sensor software, see Identifying an NTP Server for a troubleshooting procedure. If you are having trouble updating your IOS IPS crypto configuration, your tftp server may not be running, or your tftp directory may not have adequate permissions. For possible solutions, see Updating the IOS IPS Crypto Configuration. If you are having trouble with SSH keys, note the following special case: You cannot use SSH keys with a particular sensor if you want to use that sensor as a master blocking sensor. If you are entering ACLs in the IPS MC GUI, observe the following notes: Note Entering an ACL on the IOS IPS Rules page or the IOS IPS Filters page identifies the ACL name or number only; it does not create the ACL. To create the ACL, use the command line on the IOS IPS device that you are configuring. If you enter an ACL name or number and deploy the configuration while no corresponding ACL exists in the router, this command has no effect. Note Entering an ACL on the IOS IPS Port Mapping page identifies the ACL number only; it does not create the ACL. To create the ACL, use the command line on the IOS IPS device that you are configuring. If you enter an ACL number and deploy the configuration while no corresponding ACL exists in the router, this command has no effect. If you receive an error message during initial deployment of an IOS IPS device, you may have exceeded the memory available on the IOS IPS device. For more information, see the CSCsa22185 Release Note Enclosure in the Cisco Software Bug Toolkit or in the Release Notes for IPS MC. If your sensors already have an existing NTP server configuration, observe the following caution: Caution If your sensors already have an existing NTP server configuration, such as you might have established outside of IPS MC, be certain to identify the NTP server by using the procedure Identifying an NTP Server. Otherwise, your NTP server settings might be lost. We recommend selecting the Global group in that procedure. Post-Upgrade Installation Note for IPS MC 2.2 and Security Monitor 2.2 This post-upgrade installation note applies when you are upgrading IPS MC 2.1 to IPS MC 2.2 and when you are upgrading Monitoring Center for Security (Security Monitor) 2.1 to Security Monitor 2.2. This note does not apply if you are performing a new installation rather than an upgrade installation. During upgrade, your sensors may continue to detect events, but they cannot send them to your server. Because the upgrade can take up to two hours, your sensors may detect many events during that time, and subsequently flood your server after startup. In turn, your system may throttle and possibly even pause the receiver on startup following the upgrade, while all unretrieved events are forwarded from the sensors. As the user, though, you can be assured that events will not be lost during upgrade, except possibly under extreme circumstances.
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.