Hello everyone. As I proceed in my studies towards the CCIE Security lab, I'm starting a new category on the site: Cisco IPS. I will be posting everything I learn about this gear, even the basics, as I have noticed that Cisco IPS sensors are not much talked about on the Internet. I'm not sure why this is so, but I'll try to fill the gap. In all cases I am using a Cisco IPS 4235 sensor unless specified otherwise.
Out of the box, the sensor has the following defaults:
Default gateway: 10.1.9.1
Allowed access: from the network 10.1.9.201/24
Telnet access: disabled
HTTPS: port 443
As your network most likely uses a different address range, the first thing to do is change the management IP, the default gateway and the allowed management access network(s)/IP. You do so by connecting to the sensor over the console.
You can configure these basic network settings in 2 ways: enter all the configuration commands on the CLI (if you know them), or run the interactive menu-type setup by issuing #setup on the CLI. I'll show both ways, but let's start with the setup menu.
A short remark: the IPS sensor is one of the few devices in the Cisco family for which configuring, managing and communicating with it through its GUI is the recommended and preferred way. The GUI is much more intuitive and simple, and it produces the very same configuration on the device as the CLI does. The only times you may need the CLI are initial setup and debugging.
Configuring the minimal required settings through the setup menu:
- Connect to the device with a terminal.
- Enter the default user/password: cisco/cisco (or see the documentation that comes with the device).
- First you are presented with the whole configuration currently set. Just hit the Space key until it reaches the end and asks whether you want to enter the setup dialog, then type yes and press Enter:
Continue with configuration dialog?[yes]:
Enter host name[sensor]: IPS4235
(Here I set the hostname to IPS4235.)
Enter IP interface[10.1.9.201/24,10.1.9.1]: 10.0.0.33/24,10.0.0.254
(Pay attention to the syntax for specifying the management IP, its subnet mask and the default gateway.)
Enter telnet-server status[disabled]: enable
(I say yes here, but you are advised to say no on production devices.)
Enter web-server port:
(Default HTTPS listening port.)
Modify current access list?[no]: yes
Current access list entries:
No entries
Permit: 10.0.0.100/32
(I allow management access to the device from this specific station.)
Permit:
(Hit Enter to move to the next menu item.)
Modify system clock settings?[no]: no
Modify summer time settings?[no]: no
Modify system timezone?[no]: no
Modify interface/virtual sensor configuration?[no]: no
Modify default threat prevention settings?[no]:
------cut here------------
exit
exit
Upon finishing all the menu items in the dialog you are presented with the configuration you just entered:
The following configuration was entered.
service host
network-settings
host-ip 10.0.0.33/24,10.0.0.254
host-name IPS4235
telnet-option enabled
access-list 10.0.0.100/32
ftp-timeout 300
no login-banner-text
exit
time-zone-settings
exit
summertime-option disabled
ntp-option disabled
exit
service web-server
port 443
At the end of the output you are given the following choices:
Go to the command prompt without saving this config.
Return back to the setup without saving this config.
Save this configuration and exit setup.
Enter your selection: 2
The device then asks to reboot in order for the changes to take effect. Confirm that.
After the reboot you can reach the sensor with a supported browser at the management IP: https://10.0.0.33
Also make sure the station you are connecting from has a Java virtual machine installed, as the GUI is entirely based on it.
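An offline check of the configuration that setup prints back, added here as an example (it is not part of the original walkthrough and not a Cisco tool). It parses the host-ip, telnet-option and access-list lines and reports a gateway outside the management subnet, Telnet left enabled, and access-list entries wider than a single host. The function name audit and the one-host threshold are assumptions of the example.

```python
import ipaddress

# Constructed sample: the configuration echoed by setup in this post.
SAMPLE = """\
service host
network-settings
host-ip 10.0.0.33/24,10.0.0.254
host-name IPS4235
telnet-option enabled
access-list 10.0.0.100/32
ftp-timeout 300
no login-banner-text
exit
"""

def audit(config, max_hosts=1):
    """Return findings for the sensor's management-plane settings.

    max_hosts is an assumed threshold: access-list entries covering
    more addresses than this are reported.
    """
    findings = []
    iface = None
    for raw in config.splitlines():
        words = raw.split()
        if len(words) != 2:
            continue
        key, value = words
        if key == "host-ip":
            # Syntax shown in the setup dialog: <ip>/<prefix>,<gateway>
            addr, _, gw = value.partition(",")
            iface = ipaddress.ip_interface(addr)
            if not gw or ipaddress.ip_address(gw) not in iface.network:
                findings.append(f"gateway {gw or '(none)'} is outside {iface.network}")
        elif key == "telnet-option" and value == "enabled":
            findings.append("telnet enabled: management logins cross the network in cleartext")
        elif key == "access-list":
            net = ipaddress.ip_network(value, strict=False)
            if net.num_addresses > max_hosts:
                findings.append(f"access-list {value} permits {net.num_addresses} addresses")
    if iface is None:
        findings.append("no host-ip line found")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Run against the configuration from this post, it reports only the Telnet setting, since the gateway sits inside 10.0.0.0/24 and the single access-list entry is a /32.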