Filter
Top Products
C-44
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix C Troubleshooting
Troubleshooting the Appliance
Step 5 Telnet to the router and verify that a deny entry for the blocked address exists in the router ACL. Refer
to the router documentation for the procedure.
Step 6 Remove the manual block by repeating Steps 1 through 4 except in Step 2 place no in front of the
command.
sensor(config-net-gen)# no block-hosts 10.16.0.0
Enabling SSH Connections to the Network Device
If you are using SSH-3DES as the communication protocol for the network device, you must make sure
you have enabled it on the device.
To enable SSH-3DES connections to the network device, follow these steps:
Step 1 Log in to the CLI.
Step 2 Enter configuration mode.
sensor# configure terminal
Step 3 Enable SSH-3DES.
sensor(config)# ssh-3des host blocking_device_ip_address
Step 4 Type yes when prompted to accept the device.
Blocking Not Occurring for a Signature
If blocking is not occurring for a specific signature, check that the event action is set to block the host.
To make sure blocking is occurring for a specific signature, follow these steps:
Step 1 Log in to the CLI.
Step 2 Enter signature definition submode.
sensor# configure terminal
sensor(config)# service signature-definition sig0
sensor(config-sig)#
Step 3 Make sure the event action is set to block the host.
Note If you want to receive alerts, you must always add produce-alert any time you configure the
event actions.
sensor(config-sig)# signatures 1300 0
sensor(config-sig-sig)# engine normalizer
sensor(config-sig-sig-nor)# event-action produce-alert|request-block-host
sensor(config-sig-sig-nor)# show settings
normalizer
-----------------------------------------------
event-action: produce-alert|request-block-host default: produce-alert|deny
-connection-inline