Installation Guide
Page 2
...DAMAGES. Third-party trademarks mentioned are designed to provide reasonable protection against harmful interference when the equipment is an adaptation of a program developed by Cisco could void the FCC approval and negate your authority to...IP) addresses used in accordance with the instructions, may cause harmful interference to this product not authorized by the University of California, Berkeley (UCB) as part of UCB's public domain version of Cisco trademarks, go to radio communications. To view a list of the UNIX operating system. Any use of California. Cisco Intrusion...
...DAMAGES. Third-party trademarks mentioned are designed to provide reasonable protection against harmful interference when the equipment is an adaptation of a program developed by Cisco could void the FCC approval and negate your authority to...IP) addresses used in accordance with the instructions, may cause harmful interference to this product not authorized by the University of California, Berkeley (UCB) as part of UCB's public domain version of Cisco trademarks, go to radio communications. To view a list of the UNIX operating system. Any use of California. Cisco Intrusion...
Installation Guide
Page 4
... the IPS 4255 2-1 Introducing the IPS 4240 and the IPS 4255 2-1 Front and Back Panel Features 2-2 Specifications 2-4 Connecting the IPS 4240 to a Cisco 7200 Series Router 2-5 Accessories 2-5 Important Safety Instructions 2-5 Rack Mounting 2-6 Installing the IPS 4240 and the IPS 4255 2-7 Installing the IPS 4240-DC 2-10 3 C H A P T E R Installing the IPS 4260 3-1 Introducing the IPS 4260 3-1 Supported Interface Cards 3-2 Hardware Bypass 3-4 4GE Bypass Interface Card 3-4 Cisco Intrusion Prevention...
... the IPS 4255 2-1 Introducing the IPS 4240 and the IPS 4255 2-1 Front and Back Panel Features 2-2 Specifications 2-4 Connecting the IPS 4240 to a Cisco 7200 Series Router 2-5 Accessories 2-5 Important Safety Instructions 2-5 Rack Mounting 2-6 Installing the IPS 4240 and the IPS 4255 2-7 Installing the IPS 4240-DC 2-10 3 C H A P T E R Installing the IPS 4260 3-1 Introducing the IPS 4260 3-1 Supported Interface Cards 3-2 Hardware Bypass 3-4 4GE Bypass Interface Card 3-4 Cisco Intrusion Prevention...
Installation Guide
Page 5
... Changes and Drops 3-6 Front and Back Panel Features 3-6 Specifications 3-9 Accessories 3-9 Important Safety Instructions 3-10 Rack Mounting 3-10 Installing the IPS 4260 in a 4-Post Rack 3-10 Installing the IPS 4260 in a 2-Post Rack 3-13 Installing the IPS 4260 3-15 Removing and Replacing the Chassis Cover 3-18...17 Extending the IPS 4270-20 from the Rack 4-25 Installing the Cable Management Arm 4-28 Converting the Cable Management Arm 4-31 Installing the IPS 4270-20 4-35 Removing and Replacing the Chassis Cover 4-38 Accessing the Diagnostic Panel 4-41 Cisco Intrusion Prevention System Appliance ...
... Changes and Drops 3-6 Front and Back Panel Features 3-6 Specifications 3-9 Accessories 3-9 Important Safety Instructions 3-10 Rack Mounting 3-10 Installing the IPS 4260 in a 4-Post Rack 3-10 Installing the IPS 4260 in a 2-Post Rack 3-13 Installing the IPS 4260 3-15 Removing and Replacing the Chassis Cover 3-18...17 Extending the IPS 4270-20 from the Rack 4-25 Installing the Cable Management Arm 4-28 Converting the Cable Management Arm 4-31 Installing the IPS 4270-20 4-35 Removing and Replacing the Chassis Cover 4-38 Accessing the Diagnostic Panel 4-41 Cisco Intrusion Prevention System Appliance ...
Installation Guide
Page 6
... SSM 6-5 7 C H A P T E R Installing the IDSM2 7-1 Specifications 7-1 Software and Hardware Requirements 7-2 Minimum Supported the IDSM2 Configurations 7-2 Using the TCP Reset Interface 7-3 Front Panel Features 7-3 Installation and Removal Instructions 7-4 Required Tools 7-4 Slot Assignments 7-5 Installing the IDSM2 7-5 Verifying Installation 7-9 Removing the IDSM2 7-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 vi OL-18504-01
... SSM 6-5 7 C H A P T E R Installing the IDSM2 7-1 Specifications 7-1 Software and Hardware Requirements 7-2 Minimum Supported the IDSM2 Configurations 7-2 Using the TCP Reset Interface 7-3 Front Panel Features 7-3 Installation and Removal Instructions 7-4 Required Tools 7-4 Slot Assignments 7-5 Installing the IDSM2 7-5 Verifying Installation 7-9 Removing the IDSM2 7-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 vi OL-18504-01
Installation Guide
Page 7
...7-14 Powering the IDSM2 Up and Down 7-15 Catalyst Software 7-15 Cisco IOS Software 7-16 Installing the NME IPS 8-1 Specifications 8-1 Before Installing the NME IPS 8-2 Software and Hardware Requirements 8-2 Interoperability With Other IPS Modules 8-3 Restrictions 8-3 Hardware Interfaces 8-4 Installation and Removal Instructions 8-5 Verifying... to the NME IPS 9-9 The NME IPS and the session Command 9-9 Sessioning In to the NME IPS 9-10 Logging In to the Sensor 9-11 Initializing the Sensor 10-1 Understanding Initialization 10-1 Simplified Setup Mode 10-1 Cisco Intrusion Prevention System Appliance...
...7-14 Powering the IDSM2 Up and Down 7-15 Catalyst Software 7-15 Cisco IOS Software 7-16 Installing the NME IPS 8-1 Specifications 8-1 Before Installing the NME IPS 8-2 Software and Hardware Requirements 8-2 Interoperability With Other IPS Modules 8-3 Restrictions 8-3 Hardware Interfaces 8-4 Installation and Removal Instructions 8-5 Verifying... to the NME IPS 9-9 The NME IPS and the session Command 9-9 Sessioning In to the NME IPS 9-10 Logging In to the Sensor 9-11 Initializing the Sensor 10-1 Understanding Initialization 10-1 Simplified Setup Mode 10-1 Cisco Intrusion Prevention System Appliance...
Installation Guide
Page 23
...IPS 4240, IPS 4255, IPS 4260, and IPS 4270-20 are exceptions to a sensing interface has no effect in inline interface or inline VLAN pair mode, because TCP resets are always sent on the sensing interfaces in the second-from top to left. The following restrictions apply: • Because the AIM IPS, AIP SSM, and NME IPS...IPS AIP SSM-10 AIP SSM-20 AIP SSM-40 IDSM2 IPS 4240 Command and Control Interface Management0/0 GigabitEthernet0/0 GigabitEthernet0/0 GigabitEthernet0/0 GigabitEthernet0/2 Management0/0 OL-18504-01 Cisco Intrusion... mapped to a specific physical interface, which...
...IPS 4240, IPS 4255, IPS 4260, and IPS 4270-20 are exceptions to a sensing interface has no effect in inline interface or inline VLAN pair mode, because TCP resets are always sent on the sensing interfaces in the second-from top to left. The following restrictions apply: • Because the AIM IPS, AIP SSM, and NME IPS...IPS AIP SSM-10 AIP SSM-20 AIP SSM-40 IDSM2 IPS 4240 Command and Control Interface Management0/0 GigabitEthernet0/0 GigabitEthernet0/0 GigabitEthernet0/0 GigabitEthernet0/2 Management0/0 OL-18504-01 Cisco Intrusion... mapped to a specific physical interface, which...
Installation Guide
Page 34
... is updated. You cannot directly specify the VLANs that are configured as the native VLAN for IPS 7.0 OL-18504-01 On an access port, all VLANs that are two variations. Deploying VLAN...the switch configuration, so it is specified. In the second variation, the two ports are not specifically assigned to a virtual sensor. For an appliance, you do not care if it does not ...to the same switch, make them access ports, and then set this way. 1-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the port in the unassigned group. The value...
... is updated. You cannot directly specify the VLANs that are configured as the native VLAN for IPS 7.0 OL-18504-01 On an access port, all VLANs that are two variations. Deploying VLAN...the switch configuration, so it is specified. In the second variation, the two ports are not specifically assigned to a virtual sensor. For an appliance, you do not care if it does not ...to the same switch, make them access ports, and then set this way. 1-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the port in the unassigned group. The value...
Installation Guide
Page 37
...Cisco Intrusion Prevention System Appliance and Module Installation Guide for anything other serial devices. Chapter 3, "Installing the IPS 4260" - You can terminate the specific connection, permanently block the attacking host, log the incident, and send an alert to other than operating Cisco IPS. • Cisco...monitors and performs real-time analysis of the switch. Chapter 2, "Installing the IPS 4240 and the IPS 4255" - The Cisco IPS 4200 series appliances provide the following: • Protection of multiple network subnets through patch cable from 80 Mbps to multiple gigabits ...
...Cisco Intrusion Prevention System Appliance and Module Installation Guide for anything other serial devices. Chapter 3, "Installing the IPS 4260" - You can terminate the specific connection, permanently block the attacking host, log the incident, and send an alert to other than operating Cisco IPS. • Cisco...monitors and performs real-time analysis of the switch. Chapter 2, "Installing the IPS 4240 and the IPS 4255" - The Cisco IPS 4200 series appliances provide the following: • Protection of multiple network subnets through patch cable from 80 Mbps to multiple gigabits ...
Installation Guide
Page 40
...K9 - When AIP SSM detects unauthorized activity, it can terminate the specific connection, permanently block the attacking host, log the incident, and send an alert to Configuring the AIM IPS. Figure 1-6 shows the AIM IPS. IPS Modules Chapter 1 Introducing the Sensor The AIM IPS ...plugs in to a connector on the motherboard of IPS throughput when installed in ASA 5510 - The adaptive security appliance software integrates firewall, VPN, and intrusion detection and prevention capabilities in the Cisco...
...K9 - When AIP SSM detects unauthorized activity, it can terminate the specific connection, permanently block the attacking host, log the incident, and send an alert to Configuring the AIM IPS. Figure 1-6 shows the AIM IPS. IPS Modules Chapter 1 Introducing the Sensor The AIM IPS ...plugs in to a connector on the motherboard of IPS throughput when installed in ASA 5510 - The adaptive security appliance software integrates firewall, VPN, and intrusion detection and prevention capabilities in the Cisco...
Installation Guide
Page 55
... from all four sensing interfaces. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the IPS 4240 is based on the following sections: • Introducing the IPS 4240 and the IPS 4255, page 2-1 • Front and Back Panel Features, page 2-2 • Specifications, page 2-4 • Connecting the IPS 4240 to install them . They use a compact...
... from all four sensing interfaces. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the IPS 4240 is based on the following sections: • Introducing the IPS 4240 and the IPS 4255, page 2-1 • Front and Back Panel Features, page 2-2 • Specifications, page 2-4 • Connecting the IPS 4240 to install them . They use a compact...
Installation Guide
Page 58
Table 2-3 IPS 4240 and IPS 4255 Specifications Dimensions and Weight Height 1.75 in. (4.45 cm) Width 17.5 in. (44.45 cm) Depth 14.5 in. (36.83 cm) Weight 20.0 lb (9.07... Operating 1.14 m/sec (45 in./sec) ½ sine input Nonoperating 30 G Vibration 0.41 Grms2 (3 to 500 Hz) random input Acoustic noise 60 dBa (maximum) Cisco Intrusion Prevention System Appliance and Module Installation Guide for the IPS 4240 and the IPS 4255. Specifications Chapter 2 Installing the IPS 4240 and the IPS 4255 Specifications Table 2-3 lists the specifications for IPS 7.0 2-4 OL-18504-01
Table 2-3 IPS 4240 and IPS 4255 Specifications Dimensions and Weight Height 1.75 in. (4.45 cm) Width 17.5 in. (44.45 cm) Depth 14.5 in. (36.83 cm) Weight 20.0 lb (9.07... Operating 1.14 m/sec (45 in./sec) ½ sine input Nonoperating 30 G Vibration 0.41 Grms2 (3 to 500 Hz) random input Acoustic noise 60 dBa (maximum) Cisco Intrusion Prevention System Appliance and Module Installation Guide for the IPS 4240 and the IPS 4255. Specifications Chapter 2 Installing the IPS 4240 and the IPS 4255 Specifications Table 2-3 lists the specifications for IPS 7.0 2-4 OL-18504-01
Installation Guide
Page 69
... subnets and aggregated traffic traversing switches from the Cisco website. The IPS 4260 delivers 1 Gigabit of deployment in any environment. The IPS 4260 is specific to protect both copper and fiber NIC environments thus providing flexibility of intrusion prevention performance. Installing a non-Cisco or third-party BIOS on the IPS 4260 is a purpose-built device that has support...
... subnets and aggregated traffic traversing switches from the Cisco website. The IPS 4260 delivers 1 Gigabit of deployment in any environment. The IPS 4260 is specific to protect both copper and fiber NIC environments thus providing flexibility of intrusion prevention performance. Installing a non-Cisco or third-party BIOS on the IPS 4260 is a purpose-built device that has support...
Installation Guide
Page 77
Chapter 3 Installing the IPS 4260 Specifications Specifications Table 3-4 lists the specifications for IPS 7.0 3-9 Table 3-4 IPS 4260 Specifications Dimensions and Weight Height 3.45 in. (87.6 cm) Width 17.14 in. (435.3 cm) Depth 20 in. (508 cm) Weight 20...on all three axes Accessories The IPS 4260 accessories kit contains the following: • DB25 connector • DB9 connector • Rack mounting kit-screws, washers, and metal bracket • RJ45 console cable • Two 6-ft Ethernet cables OL-18504-01 Cisco Intrusion Prevention System Appliance and Module ...
Chapter 3 Installing the IPS 4260 Specifications Specifications Table 3-4 lists the specifications for IPS 7.0 3-9 Table 3-4 IPS 4260 Specifications Dimensions and Weight Height 3.45 in. (87.6 cm) Width 17.14 in. (435.3 cm) Depth 20 in. (508 cm) Weight 20...on all three axes Accessories The IPS 4260 accessories kit contains the following: • DB25 connector • DB9 connector • Rack mounting kit-screws, washers, and metal bracket • RJ45 console cable • Two 6-ft Ethernet cables OL-18504-01 Cisco Intrusion Prevention System Appliance and Module ...
Installation Guide
Page 93
...page 4-7 • Diagnostic Panel, page 4-11 • Internal Components, page 4-13 • Specifications, page 4-14 • Accessories, page 4-15 • Installing the Rail System Kit, page 4-15 • Installing the IPS 4270-20, page 4-35 • Removing and Replacing the Chassis Cover, page 4-38 •..., page 4-44 • Installing and Removing Fans, page 4-49 • Troubleshooting Loose Connections, page 4-51 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-1 This chapter describes the IPS 4270-20 and how to install them.
...page 4-7 • Diagnostic Panel, page 4-11 • Internal Components, page 4-13 • Specifications, page 4-14 • Accessories, page 4-15 • Installing the Rail System Kit, page 4-15 • Installing the IPS 4270-20, page 4-35 • Removing and Replacing the Chassis Cover, page 4-38 •..., page 4-44 • Installing and Removing Fans, page 4-49 • Troubleshooting Loose Connections, page 4-51 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-1 This chapter describes the IPS 4270-20 and how to install them.
Installation Guide
Page 94
... can be connected directly to the additional monitoring interfaces without needing to protect fully saturated Gigabit networks and aggregate network traffic on multiple sensing interfaces....IPS 4270-20 supports two optional network interface cards, the 2SX interface card with fiber-optic ports, and the 4GE bypass interface card with copper ports that seen on popular websites with video and file transfer. Cisco Intrusion...use . Introducing the IPS 4270-20 Chapter 4 Installing the IPS 4270-20 Introducing the IPS 4270-20 Caution The BIOS on the IPS 4270-20 is specific to left. The ...
... can be connected directly to the additional monitoring interfaces without needing to protect fully saturated Gigabit networks and aggregate network traffic on multiple sensing interfaces....IPS 4270-20 supports two optional network interface cards, the 2SX interface card with fiber-optic ports, and the 4GE bypass interface card with copper ports that seen on popular websites with video and file transfer. Cisco Intrusion...use . Introducing the IPS 4270-20 Chapter 4 Installing the IPS 4270-20 Introducing the IPS 4270-20 Caution The BIOS on the IPS 4270-20 is specific to left. The ...
Installation Guide
Page 106
no direct sustained sunlight. 4-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the IPS 4270-20. Table 4-5 IPS 4270-20 Specifications Dimensions and Weight Height 6.94 in. (17.6 cm) Width 19.0 in. (46.3 cm) Depth 26.5 in. (67.3 cm) Weight ... 3.0m) above sea level to a maximum of 1.8°F per every 1000 ft (1.0°C per axis on all three axes 1. Specifications Chapter 4 Installing the IPS 4270-20 Specifications Table 4-5 lists the specifications for IPS 7.0 OL-18504-01 At sea level with an altitude derating of 10,000 ft (3050 m).
no direct sustained sunlight. 4-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the IPS 4270-20. Table 4-5 IPS 4270-20 Specifications Dimensions and Weight Height 6.94 in. (17.6 cm) Width 19.0 in. (46.3 cm) Depth 26.5 in. (67.3 cm) Weight ... 3.0m) above sea level to a maximum of 1.8°F per every 1000 ft (1.0°C per axis on all three axes 1. Specifications Chapter 4 Installing the IPS 4270-20 Specifications Table 4-5 lists the specifications for IPS 7.0 OL-18504-01 At sea level with an altitude derating of 10,000 ft (3050 m).
Installation Guide
Page 145
... allow ten concurrent CLI sessions. This chapter describes how to 3,000 m) 1 GB 512 MB OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the AIM IPS. Table 5-1 AIM IPS Specifications Specification Dimensions (H x W x D) Weight Operating temperature Nonoperating temperature Humidity Operating altitude Memory eUSB Description 0.85 x 3.25 x 5.25 in. (2.16 x 8.26 x 13.34 cm...;F (+0° to +40°C) -40° to +185°F (-40° to +85°C) 5% to 95% noncondensing 0 to 10,000 ft (0 to install the AIM IPS.
... allow ten concurrent CLI sessions. This chapter describes how to 3,000 m) 1 GB 512 MB OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the AIM IPS. Table 5-1 AIM IPS Specifications Specification Dimensions (H x W x D) Weight Operating temperature Nonoperating temperature Humidity Operating altitude Memory eUSB Description 0.85 x 3.25 x 5.25 in. (2.16 x 8.26 x 13.34 cm...;F (+0° to +40°C) -40° to +185°F (-40° to +85°C) 5% to 95% noncondensing 0 to 10,000 ft (0 to install the AIM IPS.
Installation Guide
Page 151
... Software Requirements, page 6-2 • Indicators, page 6-2 • Installation and Removal Instructions, page 6-3 Specifications Table 6-1 lists the specifications for IPS 7.0 6-1 This chapter describes how to 90%, noncondensing 1. 2.70 lb for 45 c heatsink, approximately 3.00 lb for the 55c maximum OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the AIP SSM: Table...
... Software Requirements, page 6-2 • Indicators, page 6-2 • Installation and Removal Instructions, page 6-3 Specifications Table 6-1 lists the specifications for IPS 7.0 6-1 This chapter describes how to 90%, noncondensing 1. 2.70 lb for 45 c heatsink, approximately 3.00 lb for the 55c maximum OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the AIP SSM: Table...
Installation Guide
Page 152
...Specifications Model ASA-SSM-AIP-10-K9 ASA-SSM-AIP-20-K9 CPU 2.0 GHz Celeron 2.4 GHz Pentium 4 DRAM 1.0 GB 2.0 GB Hardware and Software Requirements The AIP SSM has the following hardware and software requirements: • Cisco ASA 5500 series adaptive security appliance - The system has passed power-up diagnostics. Cisco Intrusion... 148402 12 34 Table 6-3 describes the AIP SSM indicators. Memory Specifications Chapter 6 Installing the AIP SSM Memory Specifications Table 6-2 lists the memory specifications for IPS 7.0 6-2 OL-18504-01 Table 6-3 AIP SSM Indicators LED Color...
...Specifications Model ASA-SSM-AIP-10-K9 ASA-SSM-AIP-20-K9 CPU 2.0 GHz Celeron 2.4 GHz Pentium 4 DRAM 1.0 GB 2.0 GB Hardware and Software Requirements The AIP SSM has the following hardware and software requirements: • Cisco ASA 5500 series adaptive security appliance - The system has passed power-up diagnostics. Cisco Intrusion... 148402 12 34 Table 6-3 describes the AIP SSM indicators. Memory Specifications Chapter 6 Installing the AIP SSM Memory Specifications Table 6-2 lists the memory specifications for IPS 7.0 6-2 OL-18504-01 Table 6-3 AIP SSM Indicators LED Color...
Installation Guide
Page 173
This chapter describes how to 3,000 m) 2 GB 512 MB OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the NME IPS. 8 C H A P T E R Installing the NME IPS Note All IPS platforms allow ten concurrent CLI sessions. Table 8-1 NME IPS Specifications Specification Dimensions (H x W x D) Weight Operating temperature Nonoperating temperature Humidity Operating altitude Memory eUSB Description 1.55 x 7.10 x 7.2 in. (3.9 x 18...
This chapter describes how to 3,000 m) 2 GB 512 MB OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the NME IPS. 8 C H A P T E R Installing the NME IPS Note All IPS platforms allow ten concurrent CLI sessions. Table 8-1 NME IPS Specifications Specification Dimensions (H x W x D) Weight Operating temperature Nonoperating temperature Humidity Operating altitude Memory eUSB Description 1.55 x 7.10 x 7.2 in. (3.9 x 18...