Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting
Configuring the Sensor to be a Master Blocking Sensor
sensor(config-web)# show settings
enable-tls: true <defaulted>
port: 443 <defaulted>
server-id: HTTP/1.1 compliant <defaulted>
sensor(config-web)#
b. On the blocking forwarding sensor, configure it to accept the X.509 certificate of the master
blocking sensor.
sensor(config-web)# exit
sensor(config)# tls trusted-host ip-address master_blocking_sensor_ip_address port port_number
Example
sensor(config)# tls trusted-host ip-address 192.0.2.1 port 8080
Certificate MD5 fingerprint is F4:4A:14:BA:84:F4:51:D0:A4:E2:15:38:7E:77:96:D8
Certificate SHA1 fingerprint is 84:09:B6:85:C5:43:60:5B:37:1E:6D:31:6A:30:5F:7E:4D:4D:E8:B2
Would you like to add this to the trusted certificate table for this host?[yes]:
Note You are prompted to accept the certificate based on the certificate fingerprint. Sensors
provide only self-signed certificates (instead of certificates signed by a recognized
certificate authority). To verify the certificate of the master blocking sensor, log in to
that host sensor and enter the show tls fingerprint command, then confirm that the
fingerprints of the host certificate match the ones shown in the prompt.
Step 4 Enter yes to accept the certificate from the master blocking sensor.
Step 5 Enter network access mode.
sensor(config)# service network-access
Step 6 Enter general submode.
sensor(config-net)# general
Step 7 Add a master blocking sensor entry.
sensor(config-net-gen)# master-blocking-sensors master_blocking_sensor_ip_address
Step 8 Specify the username for an administrative account on the master blocking sensor host.
sensor(config-net-gen-mas)# username username
Step 9 Specify the password for the user.
sensor(config-net-gen-mas)# password
Enter password []: *****
Re-enter mbs-password []: *****
sensor(config-net-gen-mas)#
Step 10 Specify the port number for the host HTTP communications. The default is 80/443 if not specified.
sensor(config-net-gen-mas)# port port_number
Step 11 Specify whether or not the host uses TLS/SSL.
sensor(config-net-gen-mas)# tls {true | false}
sensor(config-net-gen-mas)#
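
The fingerprint comparison described in the Note under step b, as an added example that is not part of the Cisco guide: it compares the fingerprints in the tls trusted-host prompt with the text read from show tls fingerprint on the master blocking sensor, and accepts only if both the MD5 and SHA1 values match. The function names are hypothetical, and HOST_OK and HOST_BAD are constructed captures whose layout is an assumption; the parser keys on digest length, not on labels.

```python
import hmac
import re

# A fingerprint is a run of colon-separated hex bytes; its length tells the hash.
_DIGEST = re.compile(r"(?:[0-9A-Fa-f]{2}:){15,}[0-9A-Fa-f]{2}")
_ALGO_BY_LEN = {16: "md5", 20: "sha1"}


def extract_fingerprints(cli_text):
    """Return {'md5': bytes, 'sha1': bytes} for the digests found in CLI text."""
    found = {}
    for match in _DIGEST.finditer(cli_text):
        raw = bytes.fromhex(match.group(0).replace(":", ""))
        algo = _ALGO_BY_LEN.get(len(raw))
        if algo is None:
            continue  # not an MD5- or SHA-1-sized value
        if algo in found and found[algo] != raw:
            raise ValueError(f"conflicting {algo} fingerprints in one capture")
        found[algo] = raw
    return found


def fingerprints_match(prompt_text, host_text):
    """True only if both captures carry MD5 and SHA-1 and both pairs are equal."""
    offered = extract_fingerprints(prompt_text)
    expected = extract_fingerprints(host_text)
    for algo in ("md5", "sha1"):
        if algo not in offered or algo not in expected:
            return False  # a missing value is treated as a failed check
        if not hmac.compare_digest(offered[algo], expected[algo]):
            return False
    return True


# Prompt text from the example in step b (fingerprint values as shown on the page).
PROMPT = """Certificate MD5 fingerprint is
F4:4A:14:BA:84:F4:51:D0:A4:E2:15:38:7E:77:96:D8
Certificate SHA1 fingerprint is
84:09:B6:85:C5:43:60:5B:37:1E:6D:31:6A:30:5F:7E:4D:4D:E8:B2"""

# Constructed captures of what was read on the master blocking sensor itself.
HOST_OK = """MD5: f4:4a:14:ba:84:f4:51:d0:a4:e2:15:38:7e:77:96:d8
SHA1: 84:09:b6:85:c5:43:60:5b:37:1e:6d:31:6a:30:5f:7e:4d:4d:e8:b2"""
HOST_BAD = HOST_OK.replace("e8:b2", "e8:b3")

if __name__ == "__main__":
    print("accept" if fingerprints_match(PROMPT, HOST_OK) else "reject")
    print("accept" if fingerprints_match(PROMPT, HOST_BAD) else "reject")
```

Answer yes at the prompt in Step 4 only when the comparison succeeds.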