Index Numerics
10BaseT cable pinouts
appliance F-1
ASA 5585-X F-1
2SX card
described 3-4
illustration 3-5
4GE bypass interface card
configuration restrictions 3-6
described 3-4, 3-6
illustration 3-4
802.1q encapsulation for VLAN groups 1-18
A
access control list. See ACL.
accessing
Diagnostic Panel (IPS 4270-20) 3-42
IPS software C-1
service account E-5
access list misconfiguration E-27
actions
ACL changes 1-2
IP logs 1-3
multiple packet drop 1-3
TCP reset 1-2
adaptive security appliance
ASA 5500 AIP SSM 6-2
ASA 5585-X IPS SSP 7-2
described 6-2
models 7-2
alternate TCP reset interface
configuration restrictions 1-13
designating 1-12
restrictions 1-5
Analysis Engine
error messages E-24
errors E-52
IDM exits E-56
sensing interfaces 1-6
verify it is running E-20
anomaly detection disabling E-19
appliance
cable pinouts (10BaseT) F-1
cable pinouts (10BaseT) F-1
appliances
ACLs 1-2
described 1-20
GRUB menu E-8
initializing B-8
logging in A-2
managers 1-20
models 1-20
password recovery E-8
preparing for installation 2-1
restrictions 1-21
SPAN 1-21
TCP reset 1-2
terminal servers
described 1-22, A-3, D-14
setting up 1-22, A-3, D-14
time sources 1-23, E-15
upgrading recovery partition D-7
application partition image recovery D-12
applying software updates E-53
ARC
blocking not occurring for signature E-42
device access issues E-40
enabling SSH E-42
inactive state E-38
misconfigured master blocking sensor E-43
troubleshooting E-36
verifying device interfaces E-41
verifying status E-37
ASA 5500 AIP SSM
described 6-2
indicators (illustration) 6-5
indicators described 6-5
initializing B-13
installing 6-5
logging in A-4
memory specifications 6-4
models 6-2
Normalizer engine E-62
recovering E-60
removing module 6-7
requirements 6-4
resetting E-59
session command A-4
sessioning in A-4
setup command B-13
show module 1 command 6-7
specifications 6-4
verifying status 6-7
ASA 5500-X IPS SSP
initializing B-17
IPS reloading messages E-64, E-70, E-77
logging in A-5
memory usage E-68
memory usage values (table) E-68
Normalizer engine E-67
password recovery E-10
resetting the password E-10
session command A-5
sessioning in A-5
setup command B-17
time sources 1-23, E-16
ASA 5585-X
cable pinouts 10BaseT F-1
slide rail kit hardware installation 5-20
ASA 5585-X IPS SSP
adaptive security appliance 7-2
described 7-2
front panel indicators
described 7-7
illustration 7-6
initializing B-21
installing 7-9
installing system image D-25
interfaces 7-2, 7-3
introducing 7-2
IPS reloading messages E-64, E-70, E-77
logging in A-6
memory requirements 7-8
Normalizer engine E-75
password recovery E-12
reimaging D-24
removing 7-9, 7-13
requirements 7-4
resetting the password E-12
session command A-6
sessioning in A-6
setup command B-21
show module 1 command 7-12
slot 1 7-9
specifications 7-3
time sources 1-23, E-16
verifying status 7-13
ASA 5585-X SSP-10 with IPS SSP-10
described 7-2
memory requirements 7-8
ASA 5585-X SSP-20 with IPS SSP-20
described 7-3
memory requirements 7-8
ASA 5585-X SSP-40 with IPS SSP-40
described 7-3
memory requirements 7-8
ASA 5585-X SSP-60 with IPS SSP-60
described 7-3
memory requirements 7-8
ASA IPS modules
jumbo packet count E-63, E-69, E-76
ASDM resetting passwords E-11, E-13
asymmetric traffic and disabling anomaly detection E-19
attack responses for TCP resets 1-2
attempt limit
RADIUS E-21
authenticated NTP 1-23, E-15
automatic setup B-2
automatic upgrade
information required D-8
troubleshooting E-53
autonegotiation for hardware bypass 3-7
auto-upgrade-option command D-8
B
backing up
configuration E-3
current configuration E-4
back panel features
IPS 4270-20 3-10
IPS 4345 4-7
IPS 4360 4-8
IPS 4510 5-7
IPS 4520 5-7
basic setup B-4
blocking not occurring for signature E-42
C
cable management arm
converting 3-33
described 3-32
installing 3-29
cable pinouts
RJ-45 to DB-9 F-3
cannot access sensor E-25
cidDump obtaining information E-102
circuit breaker warning 4-21
cisco
default password A-2
default username A-2
Cisco.com
accessing software C-1
downloading software C-1
software downloads C-1
Cisco ASA 5585-X
described 7-2
installing ASA 5585-X IPS SSP 7-13
models 7-2
removing ASA 5585-X IPS SSP 7-13
Cisco Security Intelligence Operations
described C-7
URL C-7
Cisco Services for IPS
service contract C-9
supported products C-9
clear events command 1-24, E-17, E-102
clearing
events E-102
statistics E-86
CLI password recovery E-14
command and control interface
described 1-5
Ethernet 1-2
list 1-5
commands
auto-upgrade-option D-8
clear events 1-24, E-17, E-102
copy backup-config E-3
copy current-config E-3
copy license-key C-11
debug module-boot E-60
downgrade D-11
erase license-key C-14
hw-module module 1 reset E-59
hw-module module slot_number password-reset E-12
setup B-1, B-4, B-8, B-13, B-17, B-21
show events E-99
show health E-78
show module 1 details E-59, E-66, E-72
show settings E-14
show statistics E-86
show statistics virtual-sensor E-24, E-86
show tech-support E-79
show version E-83
sw-module module slot_number password-reset E-10
upgrade D-4, D-6
configuration files
backing up E-3
merging E-3
configuration restrictions
alternate TCP reset interface 1-13
inline interface pairs 1-13
inline VLAN pairs 1-13
interfaces 1-12
physical interfaces 1-12
VLAN groups 1-14
configuring
automatic upgrades D-9
upgrades D-5
connecting SFP/SFP+ modules 7-12
converting cable management arm 3-33
copy backup-config command E-3
copy current-config command E-3
copy license-key command C-11
correcting time on the sensor 1-24, E-17
creating the service account E-6
cryptographic account
Encryption Software Export Distribution Authorization from C-2
obtaining C-2
current configuration back up E-3
D
DC power supply
connecting (IPS 4360) 4-23
debug logging enable E-45
debug-module-boot command E-60
defaults
password A-2
username A-2
device access issues E-40
Diagnostic Panel
accessing 3-42
component list 3-14
illustration 3-14
indicators 3-14
disabling
anomaly detection E-19
password recovery E-14
disaster recovery E-6
displaying
events E-100
health status E-78
password recovery setting E-14
statistics E-86
tech support information E-79
version E-83
downgrade command D-11
downgrading sensors D-11
downloading Cisco software C-1
duplicate IP addresses E-28
E
electrical safety guidelines 2-3
enabling debug logging E-45
Encryption Software Export Distribution Authorization form
cryptographic account C-2
described C-2
erase license-key command C-14
errors (Analysis Engine) E-52
ESD environment working in 2-4
Ethernet port indicators
IPS 4270-20 3-11
events
clearing E-102
displaying E-100
types E-99
Event Store
clearing E-102
clearing events 1-24, E-17
no alerts E-32
time stamp 1-24, E-17
examples
ASA failover configuration E-62, E-66, E-71
SPAN configuration for IPv6 support 1-15
System Configuration Dialog B-2
expansion cards
interface naming conventions (IPS 4270-20) 3-5
slots (IPS 4270-20) 3-43
external product interfaces
issues E-21
troubleshooting E-22
F
fail-over testing 3-6
false positives
filtering 1-4
tuning IPS 1-3
fan indicators (IPS 4270-20) 3-50
fans (IPS 4270-20) 3-50
files Cisco IPS (list) C-1
front panel features
IPS 4510 5-4
IPS 4520 5-4
front panel indicators
ASA 5585-X IPS SSP 7-6
IPS 4270-20 3-9
IPS 4345 4-6
IPS 4360 4-6
front panel switches
IPS 4270-20 3-9
FTP servers and software updates D-3
G
global correlation
license B-5
troubleshooting E-19
GRUB menu password recovery E-8
guidelines
electrical safety 2-3
power supplies 2-6
H
hardware bypass
autonegotiation 3-7
configuration restrictions 3-6
fail-over 3-6
IPS 4270-20 3-6
link status changes and drops 3-7, E-23
proper configuration 3-7, E-23
reimage 3-7
supported configurations 3-6
with software bypass 3-6
health status display E-78
HTTP/HTTPS servers supported D-3
hw-module module 1 reset command E-59
hw-module module slot_number password-reset command E-12
I
IDM
Analysis Engine is busy E-56
described 5-2, 7-2
web browsers 5-2, 7-2
will not load E-55
IME
10 devices 5-3, 7-2
described 5-3, 7-2
installation error E-58
time synchronization problems E-58
initializing
appliances B-8
ASA 5500 AIP SSM B-13
ASA 5500-X IPS SSP B-17
ASA 5585-X IPS SSP B-21
sensors B-1, B-4
user roles B-1
verifying B-25
inline interface pair mode
configuration restrictions 1-13
described 1-16
illustration 1-16
inline mode
interface cards 1-6
pairing interfaces 1-6
inline VLAN pair mode
configuration restrictions 1-13
described 1-17
illustration 1-17
supported sensors 1-17
installation preparation 2-1
installer major version C-5
installer minor version C-5
installing
ASA 5500 AIP SSM 6-5
cable management arm 3-29
DC power supply (IPS 4360) 4-26
fans (IPS 4270-20) 3-50
IPS 4270-20 3-36
IPS 4345 4-12
IPS 4360 4-12
IPS 4510 5-12
IPS 4520 5-12
license key C-12
sensor license C-10
SFP/SFP+ modules 7-12
system image
ASA 5500-X IPS SSP D-23
ASA 5585-X IPS SSP D-25
IPS 4270-20 D-15
IPS 4345 D-17
IPS 4360 D-17
IPS 4510 D-21
IPS 4520 D-21
interface cards
IPS 4270-20
installing 3-43
removing 3-43
interfaces
alternate TCP reset 1-5
command and control 1-5
configuration restrictions 1-12
described 1-4
port numbers 1-4
sensing 1-5, 1-6
slot numbers 1-4
support (table) 1-6
TCP reset 1-11
internal health information in the Diagnostic Panel 3-42
introducing
ASA 5500 AIP SSM 6-2
ASA 5585-X IPS SSP 7-2
IPS 4270-20 3-2
IPS 4345 4-2
IPS 4360 4-2
IPS 4510 5-2
IPS 4520 5-2
IPS appliances 1-20
Intrusion Prevention System Device Manager. See IDM. 5-2, 7-2
Intrusion Prevention System Manager Express. See IME. 7-2
Intrusion Prevention System Manager Express. See IME. 5-3
IPS
restrictions 1-21
supported
appliances 1-19
modules 1-19
tuning 1-3
IPS 4260
password recovery E-8
IPS 4270-20
4GE bypass interface card 3-3
accessories kit 3-16
back panel features 3-10
chassis cover
removing 3-40
replacing 3-40
converting cable management arm 3-33
described 3-1, 3-2
Diagnostic Panel
accessing 3-42
described 3-14
illustration 3-14
Ethernet port indicators
described 3-11
illustration 3-11
expansion card slots 3-43
extending from a rack 3-26
fan connector and indicator (illustration) 3-50
fan indicators 3-50
fans 3-50
features 3-8
front panel
indicators 3-9
switches 3-9
front view (illustration) 3-8
hardware bypass 3-6
hot-pluggable power supplies 3-45
installation 3-36
installing
cable management arm 3-29
fans 3-50
in a rack 3-18
interface cards 3-43
power supplies 3-45
installing system image D-15
interface naming conventions 3-5
maximum rack depth 3-17
network ports 3-3
password recovery E-8
performance 3-2
power supplies 3-3
power supply indicators 3-11
rack requirements 3-17
rail system kit
described 3-16
minimum rack depth 3-17
redundant power supplies 3-45
reimaging D-15
removing
interface cards 3-43
power supplies 3-45
sensing interfaces 3-3
shallow rack installation 3-20
specifications 3-15
switches and indicators (illustration) 3-8
T-15 Torx screwdriver 3-46
IPS 4345
AC power supply (V01) 4-15
back panel features 4-7
back panel features (illustration) 4-7
described 4-2
front panel (illustration) 4-5
front panel indicators described 4-6
indicators 4-6
installation 4-12
installing system image D-17
packing box contents 4-4
password recovery E-8, E-9
power supplies 4-16
power supplies (illustration) 4-17
power supply indicator 4-17
rack mounting 4-10
reimaging D-17
specifications 4-2
V01 power supply limitations 4-15
IPS 4360
AC power supply
installing 4-19
removing 4-19
AC power supply (V02) 4-15
back panel features 4-8
back panel features (illustration) 4-8
connecting DC power supplies 4-23
described 4-2
front panel (illustration) 4-5
front panel indicators described 4-6
indicators 4-6
installation 4-12
installing DC power supplies 4-26
installing system image D-17
packing box contents 4-4
password recovery E-8, E-9
power supplies 4-16
power supplies (illustration) 4-17
power supply indicator 4-17
reimaging D-17
removing DC power supplies 4-26
specifications 4-2
V01 power supply limitations 4-15
IPS 4510
back panel features 5-7
back panel features (illustration) 5-7
cable management brackets
described 5-33
installing 5-33
chassis features 5-3
connecting cables 5-12
described 5-2
Ethernet port indicators 5-8
fan modules
hot-pluggable 5-19
installing 5-19
OIR 5-19
removing 5-19
front panel indicators
described 5-5
illustration 5-5
front panel view 5-4
installing
core IPS SSP 5-15
SFP/SFP+ modules 5-13
slide rail kit hardware 5-20
installing system image D-21
Management 0/0 5-12
management port described 5-12
memory requirements 5-11
OIR
fan supply modules 5-2
not supported 5-2
power supply modules 5-2
SFP/SFP+ 5-2
packing box contents 5-10
password recovery E-8, E-9
power module indicators
described 5-8
illustration 5-7
power supply modules
installing 5-17
removing 5-17
requirements 5-11
rack mounting 5-30
reimaging D-21
removing core IPS SSP 5-15
SFP ports 5-13
shutting down 5-15
slide rail kit hardware installation 5-20
specifications 5-9
supported SFP+ modules 5-12, 7-9
supported SFP modules 5-12, 7-9
SwitchApp 5-35
IPS 4520
back panel features 5-7
back panel features (illustration) 5-7
cable management brackets
described 5-33
installing 5-33
chassis features 5-3
connecting cables 5-12
described 5-2
Ethernet port indicators 5-8
fan modules
hot-pluggable 5-19
installing 5-19
OIR 5-19
removing 5-19
front panel indicators
described 5-5
illustration 5-5
front panel view 5-4
installing
core IPS SSP 5-15
SFP/SFP+ modules 5-13
slide rail kit hardware 5-20
installing system image D-21
Management 0/0 5-12
management port described 5-12
memory requirements 5-11
OIR
fan supply modules 5-2
not supported 5-2
power supply modules 5-2
SFP/SFP+ 5-2
packing box contents 5-10
password recovery E-8, E-9
power module indicators
described 5-8
illustration 5-7
power supply modules
installing 5-17
removing 5-17
requirements 5-11
rack mounting 5-30
reimaging D-21
removing core IPS SSP 5-15
SFP ports 5-13
shutting down 5-15
slide rail kit hardware installation 5-20
specifications 5-9
supported SFP+ modules 5-12, 7-9
supported SFP modules 5-12, 7-9
SwitchApp 5-35
two power supply modules 5-17, 5-19
IPS software
available files C-1
obtaining C-1
IPS software file names
major updates (illustration) C-4
minor updates (illustration) C-4
patch releases (illustration) C-4
service packs (illustration) C-4
IPS SSP-10 front panel features (illustration) 7-4
IPS SSP-20 front panel features (illustration) 7-4
IPS SSP-40 front panel features (illustration) 7-5
IPS SSP-60 front panel features (illustration) 7-5
IPS SSP in the ASA 5585-X 7-2
IPv6
SPAN ports 1-15
switches 1-15
L
license key
installing C-12
obtaining C-8
trial C-8
uninstalling C-14
viewing status of C-8
licensing
described C-8
IPS device serial number C-8
Licensing pane
configuring C-10
described C-8
logging in
appliances A-2
ASA 5500 AIP SSM A-4
ASA 5500-X IPS SSP A-5
ASA 5585-X IPS SSP A-6
sensors
SSH A-7
Telnet A-7
service role A-1
terminal servers 1-22, A-3, D-14
user role A-1
loose connections on sensors 3-52, 5-34, E-24
M
major updates described C-3
Management 0/0 port described 5-12
Management 0/1 described 5-12
manual block to bogus host E-42
master blocking sensor
not set up properly E-43
verifying configuration E-44
merging configuration files E-3
MIBs supported E-18
minor updates described C-3
modes
IDS 1-1
inline interface pair 1-16
inline VLAN pair 1-17
IPS 1-1
promiscuous 1-14
VLAN groups 1-17
modules
ASA 5500 AIP SSM 6-2
ASA 5585-X IPS SSP 7-2
N
NTP
authenticated 1-23, E-15
described 1-23, E-15
incorrect configuration 1-23, E-16
time synchronization 1-23, E-15
unauthenticated 1-23, E-15
verifying configuration 1-24
O
obtaining
cryptographic account C-2
IPS software C-1
license key C-8
sensor license C-10
OIR
not supported for modules 5-2
supported
fan modules 5-2
power supply modules 5-2
SFP/SFP+ 5-2
online insertion and removal. See OIR. 7-2
P
password recovery
appliances E-8
ASA 5500-X IPS SSP E-10
ASA 5585-X IPS SSP E-12
CLI E-14
described E-8
disabling E-14
displaying setting E-14
GRUB menu E-8
IPS 4260 E-8
IPS 4270-20 E-8
IPS 4345 E-8, E-9
IPS 4360 E-8, E-9
IPS 4510 E-8, E-9
IPS 4520 E-8, E-9
platforms E-8
ROMMON E-9
troubleshooting E-15
verifying E-14
patch releases described C-3
performance (IPS 4270-20) 3-2
physical connectivity issues E-31
physical interfaces configuration restrictions 1-12
ports
Management 0/0 5-12
Management 0/1 5-12
SFP 5-13
SFP/SFP+ 7-12
power supplies
described (IPS 4345) 4-16
describes (IPS 4360) 4-16
illustration (IPS 4345) 4-17
illustration (IPS 4560) 4-17
IPS 4270-20
hot-pluggable 3-45
installing 3-45
redundant 3-45
removing 3-45
power supply guidelines 2-6
power supply indicator
IPS 4345 4-17
IPS 4360 4-17
power supply indicators
IPS 4270-20 3-11
IPS 4510 5-7
IPS 4520 5-7
power supply modules
hot-pluggable 5-17
installing (IPS 4510) 5-17
installing (IPS 4520) 5-17
OIR 5-17
redundant configuration 5-17
removing (IPS 4510) 5-17
removing (IPS 4520) 5-17
preparing for appliance installation 2-1
promiscuous mode
atomic attacks 1-15
described 1-14
illustration 1-15
packet flow 1-14
SPAN ports 1-15
TCP reset interfaces 1-11
VACL capture 1-15
R
rack mounting
IPX 4345 4-10
rack-mounting
IPS 4270-20
extension 3-26
installation 3-18
requirements 3-17
IPS 4510 5-30
IPS 4520 5-30
racks
airflow requirements 3-17
space requirements 3-17
RADIUS
attempt limit E-21
rail system
maximum rack depth 3-17
minimum rack depth 3-17
rack hole-types (illustration) 3-16
round holes 3-16
square holes 3-16
threaded holes 3-16
rail system kit
cable management arm 3-29, 3-32
contents 3-17
IPS 4270-20 3-16
required tools 3-17
recover command D-12
recovering
ASA 5500 AIP SSM E-60
recovering the application partition image D-12
recovery partition upgrade D-7
reimaging
ASA 5500-X IPS SSP D-23
ASA 5585-X IPS SSP D-24
described D-2
hardware bypass 3-7
IPS 4270-20 D-15
IPS 4345 D-17
IPS 4360 D-17
IPS 4510 D-21
IPS 4520 D-21
sensors D-2, D-12
removing
ASA 5500 AIP SSM 6-7
ASA 5585-X IPS SSP 7-13
chassis cover (IPS 4270-20) 3-40
DC power supply (IPS 4360) 4-26
last applied
service pack D-11
signature update D-11
replacing
chassis cover
IPS 4270-20 3-40
requirements
ASA 5500 AIP SSM 6-4
ASA 5585-X IPS SSP 7-4
racks
airflow 3-17
space 3-17
reset not occurring for a signature E-51
resetting
ASA 5500 AIP SSM E-59
passwords
ASDM E-11, E-13
hw-module command E-12
sw-module command E-10
resetting the password
ASA 5500-X IPS SSP E-10
ASA 5585-X IPS SSP E-12
restoring the current configuration E-5
RJ-45 to DB-9 cable pinouts F-3
ROMMON
ASA 5585-X IPS SSP D-27
described D-13
IPS 4270-20 D-15
IPS 4345 D-17, E-9
IPS 4360 D-17, E-9
IPS 4510 D-21, E-9
IPS 4520 D-21, E-9
password recovery E-9
remote sensors D-13
serial console port D-13
TFTP D-14
round-trip time. See RTT.
RTT
described D-14
TFTP limitation D-14
S
scheduling automatic upgrades D-9
security
information on Cisco Security Intelligence Operations C-7
sensing interfaces
Analysis Engine 1-6
described 1-6
interface cards 1-6
modes 1-6
sensor license
installing C-10
obtaining C-10
sensors
access problems E-25
application partition image D-12
ASA 5500 AIP SSM 6-2
asymmetric traffic and disabling anomaly detection E-19
capturing traffic 1-1
command and control interfaces (list) 1-5
comprehensive deployment 1-1
Comprehensive Deployment Solutions (illustration) 1-1
corrupted SensorApp configuration E-35
disaster recovery E-6
downgrading D-11
electrical guidelines 2-3
IDS mode 1-1
incorrect NTP configuration 1-23, E-16
initializing B-1, B-4
interface support 1-6
IP address conflicts E-28
IPS mode 1-1
IPS tuning tips 1-3
logging in
SSH A-7
Telnet A-7
loose connections 3-52, 5-34, E-24
misconfigured access lists E-27
models 1-19
network topology 1-3
no alerts E-32, E-57
not seeing packets E-34
NTP time synchronization 1-23, E-15
physical connectivity E-31
power supply guidelines 2-6
preventive maintenance E-2
reimaging D-2
sensing process not running E-29
setup command B-1, B-4, B-8
site guidelines 2-5
supported 1-19
TCP reset 1-2
time sources 1-23, E-15
troubleshooting software upgrades E-54
upgrading D-5
service account
accessing E-5
cautions E-5
creating E-6
described E-5
service packs described C-3
service role A-1
session command
ASA 5500 AIP SSM A-4
ASA 5500-X IPS SSP A-5
ASA 5585-X IPS SSP A-6
sessioning in
ASA 5500 AIP SSM A-4
ASA 5500-X IPS SSP A-5
ASA 5585-X IPS SSP A-6
setting up terminal servers 1-22, A-3, D-14
setup
automatic B-2
command B-1, B-4, B-8, B-13, B-17, B-21
simplified mode B-2
SFP/SFP+ port (illustration) 7-12
SFP+ modules
described 5-11, 7-9
supported (table) 5-12, 7-9
SFP+ modules described 7-4
SFP modules
described 5-11, 7-4, 7-9
supported (table) 5-12, 7-9
SFP port (illustration) 5-13
shallow rack installation (IPS 4270-20) 3-20
show events command E-99
show health command E-78
show interfaces command E-97
show module 1 details command E-59, E-66, E-72
show settings command E-14
show statistics command E-85, E-86
show statistics virtual-sensor command E-24, E-86
show tech-support command E-78, E-79
show version command E-82, E-83
signatures
TCP reset E-51
update files C-4
site guidelines for sensor installation 2-5
SNMP supported MIBs E-18
software bypass
supported configurations 3-6
with hardware bypass 3-6
software downloads Cisco.com C-1
software file names
recovery (illustration) C-5
signature/virus updates (illustration) C-4
system image (illustration) C-5
software release examples
platform identifiers C-6
platform-independent C-5
software updates
supported FTP servers D-3
supported HTTP/HTTPS servers D-3
SPAN
appliances 1-21
port issues E-31
specifications
ASA 5500 AIP SSM 6-4
IPS 4270-20 3-15
IPS 4345 4-2
IPS 4360 4-2
IPS 4510 5-9
IPS 4520 5-9
SSP-10
components 7-2
described 7-2
SSP-20
components 7-3
described 7-3
SSP-40
components 7-3
described 7-3
SSP-60
components 7-3
described 7-3
SSP in slot 2 7-9
statistic display E-86
subinterface 0 described 1-18
supported
FTP servers D-3
HTTP/HTTPS servers D-3
SwitchApp described 5-35
Switched Port Analyzer see SPAN
switches and TCP reset interfaces 1-12
sw-module module slot_number password-reset command E-10
System Configuration Dialog
described B-2
example B-2
system images
installing
ASA 5500-X IPS SSP D-23
ASA 5585-X IPS SSP D-24
IPS 4270-20 D-15
IPS 4345 D-17
IPS 4360 D-17
IPS 4510 D-21
IPS 4520 D-21
T
T-15 Torx screwdriver (IPS 4270-20) 3-46
TAC
service account E-5
show tech-support command E-79
TCP reset interfaces
conditions 1-12
described 1-11
list 1-11
promiscuous mode 1-11
switches 1-12
TCP resets
not occurring E-51
signature actions 1-2
tech support information display E-79
terminal server setup 1-22, A-3, D-14
testing fail-over 3-6
TFTP servers
recommended
UNIX D-14
Windows D-14
RTT D-14
time
correction on the sensor 1-24, E-17
sensors 1-23, E-15
time sources
appliances 1-23, E-15
ASA 5500-X IPS SSP 1-23, E-16
ASA 5585-X IPS SSP 1-23, E-16
trial license key C-8
troubleshooting E-1
Analysis Engine busy E-56
applying software updates E-53
ARC
blocking not occurring for signature E-42
device access issues E-40
enabling SSH E-42
inactive state E-38
misconfigured master blocking sensor E-43
verifying device interfaces E-41
ASA 5500 AIP SSM
commands E-59
debugging E-60
failover scenarios E-61
recovering E-60
reset E-59
ASA 5500-X IPS SSP
commands E-66
failover scenarios E-65
ASA 5585-X IPS SSP
commands E-72
failover scenarios E-71
traffic flow stopped E-72
automatic updates E-53
cannot access sensor E-25
cidDump E-102
cidLog messages to syslog E-50
communication E-25
corrupted SensorApp configuration E-35
debug logger zone names (table) E-49
debug logging E-45
Diagnostic Panel (IPS 4270-20) 3-42
disaster recovery E-6
duplicate sensor IP addresses E-28
enabling debug logging E-45
external product interfaces E-22
gathering information E-77
global correlation E-19
IDM
cannot access sensor E-56
will not load E-55
IME
installation error E-58
IME time synchronization E-58
IPS clock time drift 1-23, E-16
manual block to bogus host E-42
misconfigured access list E-27
no alerts E-32, E-57
NTP E-51
password recovery E-15
physical connectivity issues E-31
preventive maintenance E-2
RADIUS
attempt limit E-21
reset not occurring for a signature E-51
sensing process not running E-29
sensor events E-99
sensor loose connections 3-52, 5-34, E-24
sensor not seeing packets E-34
sensor software upgrade E-54
service account E-5
show events command E-98
show interfaces command E-97
show statistics command E-85
show tech-support command E-78, E-80
show version command E-82
software upgrades E-52
SPAN
port issue E-31
upgrading E-52
verifying Analysis Engine is running E-20
verifying ARC status E-37
tuning
IPS 1-3
tips 1-3
U
unassigned VLAN groups described 1-18
unauthenticated NTP 1-23, E-15
uninstalling the license key C-14
upgrade command D-4, D-6
upgrade notes and caveats (upgrading IPS software) D-1
upgrading
application partition D-12
latest version E-52
recovery partition D-7
sensors D-5
upgrading IPS software (upgrade notes and caveats) D-1
URLs for Cisco Security Intelligence Operations C-7
using
debug logging E-45
TCP reset interfaces 1-12
V
verifying
ASA 5585-X IPS SSP installation 7-13
NTP configuration 1-24
password recovery E-14
sensor initialization B-25
sensor setup B-25
version display E-83
viewing
license key status C-8
virtualization
advantages E-17
restrictions E-17
supported sensors E-18
traffic capture requirements E-18
VLAN groups
802.1q encapsulation 1-18
configuration restrictions 1-14
deploying 1-18
described 1-17
switches 1-18
W
warning
circuit breaker 4-21
exposed DC wire 4-23
Index
Numerics
10BaseT cable pinouts
appliance F-1
ASA 5585-X F-1
2SX card
described 3-4
illustration 3-5
4GE bypass interface card
configuration restrictions 3-6
described 3-4, 3-6
illustration 3-4
802.1q encapsulation for VLAN groups 1-18
A
access control list. See ACL.
accessing
Diagnostic Panel (IPS 4270-20) 3-42
IPS software C-1
service account E-5
access list misconfiguration E-27
actions
ACL changes 1-2
IP logs 1-3
multiple packet drop 1-3
TCP reset 1-2
adaptive security appliance
ASA 5500 AIP SSM 6-2
ASA 5585-X IPS SSP 7-2
described 6-2
models 7-2
alternate TCP reset interface
configuration restrictions 1-13
designating 1-12
restrictions 1-5
Analysis Engine
error messages E-24
errors E-52
IDM exits E-56
sensing interfaces 1-6
verify it is running E-20
anomaly detection disabling E-19
appliance
cable pinouts (10BaseT) F-1
cable pinouts (10BaseT) F-1
appliances
ACLs 1-2
described 1-20
GRUB menu E-8
initializing B-8
logging in A-2
managers 1-20
models 1-20
password recovery E-8
preparing for installation 2-1
restrictions 1-21
SPAN 1-21
TCP reset 1-2
terminal servers
described 1-22, A-3, D-14
setting up 1-22, A-3, D-14
time sources 1-23, E-15
upgrading recovery partition D-7
application partition image recovery D-12
applying software updates E-53
ARC
blocking not occurring for signature E-42
device access issues E-40
enabling SSH E-42
inactive state E-38
misconfigured master blocking sensor E-43
troubleshooting E-36
verifying device interfaces E-41
verifying status E-37
ASA 5500 AIP SSM
described 6-2
indicators (illustration) 6-5
indicators described 6-5
initializing B-13
installing 6-5
logging in A-4
memory specifications 6-4
models 6-2
Normalizer engine E-62
recovering E-60
removing module 6-7
requirements 6-4
resetting E-59
session command A-4
sessioning in A-4
setup command B-13
show module 1 command 6-7
specifications 6-4
verifying status 6-7
ASA 5500-X IPS SSP
initializing B-17
IPS reloading messages E-64, E-70, E-77
logging in A-5
memory usage E-68
memory usage values (table) E-68
Normalizer engine E-67
password recovery E-10
resetting the password E-10
session command A-5
sessioning in A-5
setup command B-17
time sources 1-23, E-16
ASA 5585-X
cable pinouts 10BaseT F-1
slide rail kit hardware installation 5-20
ASA 5585-X IPS SSP
adaptive security appliance 7-2
described 7-2
front panel indicators
described 7-7
illustration 7-6
initializing B-21
installing 7-9
installing system image D-25
interfaces 7-2, 7-3
introducing 7-2
IPS reloading messages E-64, E-70, E-77
logging in A-6
memory requirements 7-8
Normalizer engine E-75
password recovery E-12
reimaging D-24
removing 7-9, 7-13
requirements 7-4
resetting the password E-12
session command A-6
sessioning in A-6
setup command B-21
show module 1 command 7-12
slot 1 7-9
specifications 7-3
time sources 1-23, E-16
verifying status 7-13
ASA 5585-X SSP-10 with IPS SSP-10
described 7-2
memory requirements 7-8
ASA 5585-X SSP-20 with IPS SSP-20
described 7-3
memory requirements 7-8
ASA 5585-X SSP-40 with IPS SSP-40
described 7-3
memory requirements 7-8
ASA 5585-X SSP-60 with IPS SSP-60
described 7-3
memory requirements 7-8
ASA IPS modules
jumbo packet count E-63, E-69, E-76
ASDM resetting passwords E-11, E-13
asymmetric traffic and disabling anomaly detection E-19
attack responses for TCP resets 1-2
attempt limit
RADIUS E-21
authenticated NTP 1-23, E-15
automatic setup B-2
automatic upgrade
information required D-8
troubleshooting E-53
autonegotiation for hardware bypass 3-7
auto-upgrade-option command D-8
B
backing up
configuration E-3
current configuration E-4
back panel features
IPS 4270-20 3-10
IPS 4345 4-7
IPS 4360 4-8
IPS 4510 5-7
IPS 4520 5-7
basic setup B-4
blocking not occurring for signature E-42
C
cable management arm
converting 3-33
described 3-32
installing 3-29
cable pinouts
RJ-45 to DB-9 F-3
cannot access sensor E-25
cidDump obtaining information E-102
circuit breaker warning 4-21
cisco
default password A-2
default username A-2
Cisco.com
accessing software C-1
downloading software C-1
software downloads C-1
Cisco ASA 5585-X
described 7-2
installing ASA 5585-X IPS SSP 7-13
models 7-2
removing ASA 5585-X IPS SSP 7-13
Cisco Security Intelligence Operations
described C-7
URL C-7
Cisco Services for IPS
service contract C-9
supported products C-9
clear events command 1-24, E-17, E-102
clearing
events E-102
statistics E-86
CLI password recovery E-14
command and control interface
described 1-5
Ethernet 1-2
list 1-5
commands
auto-upgrade-option D-8
clear events 1-24, E-17, E-102
copy backup-config E-3
copy current-config E-3
copy license-key C-11
debug module-boot E-60
downgrade D-11
erase license-key C-14
hw-module module 1 reset E-59
hw-module module slot_number password-reset E-12
setup B-1, B-4, B-8, B-13, B-17, B-21
show events E-99
show health E-78
show module 1 details E-59, E-66, E-72
show settings E-14
show statistics E-86
show statistics virtual-sensor E-24, E-86
show tech-support E-79
show version E-83
sw-module module slot_number password-reset E-10
upgrade D-4, D-6
configuration files
backing up E-3
merging E-3
configuration restrictions
alternate TCP reset interface 1-13
inline interface pairs 1-13
inline VLAN pairs 1-13
interfaces 1-12
physical interfaces 1-12
VLAN groups 1-14
configuring
automatic upgrades D-9
upgrades D-5
connecting SFP/SFP+ modules 7-12
converting cable management arm 3-33
copy backup-config command E-3
copy current-config command E-3
copy license-key command C-11
correcting time on the sensor 1-24, E-17
creating the service account E-6
cryptographic account
Encryption Software Export Distribution Authorization from C-2
obtaining C-2
current configuration back up E-3
D
DC power supply
connecting (IPS 4360) 4-23
debug logging enable E-45
debug-module-boot command E-60
defaults
password A-2
username A-2
device access issues E-40
Diagnostic Panel
accessing 3-42
component list 3-14
illustration 3-14
indicators 3-14
disabling
anomaly detection E-19
password recovery E-14
disaster recovery E-6
displaying
events E-100
health status E-78
password recovery setting E-14
statistics E-86
tech support information E-79
version E-83
downgrade command D-11
downgrading sensors D-11
downloading Cisco software C-1
duplicate IP addresses E-28
E
electrical safety guidelines 2-3
enabling debug logging E-45
Encryption Software Export Distribution Authorization form
cryptographic account C-2
described C-2
erase license-key command C-14
errors (Analysis Engine) E-52
ESD environment working in 2-4
Ethernet port indicators
IPS 4270-20 3-11
events
clearing E-102
displaying E-100
types E-99
Event Store
clearing E-102
clearing events 1-24, E-17
no alerts E-32
time stamp 1-24, E-17
examples
ASA failover configuration E-62, E-66, E-71
SPAN configuration for IPv6 support 1-15
System Configuration Dialog B-2
expansion cards
interface naming conventions (IPS 4270-20) 3-5
slots (IPS 4270-20) 3-43
external product interfaces
issues E-21
troubleshooting E-22
F
fail-over testing 3-6
false positives
filtering 1-4
tuning IPS 1-3
fan indicators (IPS 4270-20) 3-50
fans (IPS 4270-20) 3-50
files Cisco IPS (list) C-1
front panel features
IPS 4510 5-4
IPS 4520 5-4
front panel indicators
ASA 5585-X IPS SSP 7-6
IPS 4270-20 3-9
IPS 4345 4-6
IPS 4360 4-6
front panel switches
IPS 4270-20 3-9
FTP servers and software updates D-3
G
global correlation
license B-5
troubleshooting E-19
GRUB menu password recovery E-8
guidelines
electrical safety 2-3
power supplies 2-6
H
hardware bypass
autonegotiation 3-7
configuration restrictions 3-6
fail-over 3-6
IPS 4270-20 3-6
link status changes and drops 3-7, E-23
proper configuration 3-7, E-23
reimage 3-7
supported configurations 3-6
with software bypass 3-6
health status display E-78
HTTP/HTTPS servers supported D-3
hw-module module 1 reset command E-59
hw-module module slot_number password-reset command E-12
I
IDM
Analysis Engine is busy E-56
described 5-2, 7-2
web browsers 5-2, 7-2
will not load E-55
IME
10 devices 5-3, 7-2
described 5-3, 7-2
installation error E-58
time synchronization problems E-58
initializing
appliances B-8
ASA 5500 AIP SSM B-13
ASA 5500-X IPS SSP B-17
ASA 5585-X IPS SSP B-21
sensors B-1, B-4
user roles B-1
verifying B-25
inline interface pair mode
configuration restrictions 1-13
described 1-16
illustration 1-16
inline mode
interface cards 1-6
pairing interfaces 1-6
inline VLAN pair mode
configuration restrictions 1-13
described 1-17
illustration 1-17
supported sensors 1-17
installation preparation 2-1
installer major version C-5
installer minor version C-5
installing
ASA 5500 AIP SSM 6-5
cable management arm 3-29
DC power supply (IPS 4360) 4-26
fans (IPS 4270-20) 3-50
IPS 4270-20 3-36
IPS 4345 4-12
IPS 4360 4-12
IPS 4510 5-12
IPS 4520 5-12
license key C-12
sensor license C-10
SFP/SFP+ modules 7-12
system image
ASA 5500-X IPS SSP D-23
ASA 5585-X IPS SSP D-25
IPS 4270-20 D-15
IPS 4345 D-17
IPS 4360 D-17
IPS 4510 D-21
IPS 4520 D-21
interface cards
IPS 4270-20
installing 3-43
removing 3-43
interfaces
alternate TCP reset 1-5
command and control 1-5
configuration restrictions 1-12
described 1-4
port numbers 1-4
sensing 1-5, 1-6
slot numbers 1-4
support (table) 1-6
TCP reset 1-11
internal health information in the Diagnostic Panel 3-42
introducing
ASA 5500 AIP SSM 6-2
ASA 5585-X IPS SSP 7-2
IPS 4270-20 3-2
IPS 4345 4-2
IPS 4360 4-2
IPS 4510 5-2
IPS 4520 5-2
IPS appliances 1-20
Intrusion Prevention System Device Manager. See IDM. 5-2, 7-2
Intrusion Prevention System Manager Express. See IME. 7-2
Intrusion Prevention System Manager Express. See IME. 5-3
IPS
restrictions 1-21
supported
appliances 1-19
modules 1-19
tuning 1-3
IPS 4260
password recovery E-8
IPS 4270-20
4GE bypass interface card 3-3
accessories kit 3-16
back panel features 3-10
chassis cover
removing 3-40
replacing 3-40
converting cable management arm 3-33
described 3-1, 3-2
Diagnostic Panel
accessing 3-42
described 3-14
illustration 3-14
Ethernet port indicators
described 3-11
illustration 3-11
expansion card slots 3-43
extending from a rack 3-26
fan connector and indicator (illustration) 3-50
fan indicators 3-50
fans 3-50
features 3-8
front panel
indicators 3-9
switches 3-9
front view (illustration) 3-8
hardware bypass 3-6
hot-pluggable power supplies 3-45
installation 3-36
installing
cable management arm 3-29
fans 3-50
in a rack 3-18
interface cards 3-43
power supplies 3-45
installing system image D-15
interface naming conventions 3-5
maximum rack depth 3-17
network ports 3-3
password recovery E-8
performance 3-2
power supplies 3-3
power supply indicators 3-11
rack requirements 3-17
rail system kit
described 3-16
minimum rack depth 3-17
redundant power supplies 3-45
reimaging D-15
removing
interface cards 3-43
power supplies 3-45
sensing interfaces 3-3
shallow rack installation 3-20
specifications 3-15
switches and indicators (illustration) 3-8
T-15 Torx screwdriver 3-46
IPS 4345
AC power supply (V01) 4-15
back panel features 4-7
back panel features (illustration) 4-7
described 4-2
front panel (illustration) 4-5
front panel indicators described 4-6
indicators 4-6
installation 4-12
installing system image D-17
packing box contents 4-4
password recovery E-8, E-9
power supplies 4-16
power supplies (illustration) 4-17
power supply indicator 4-17
rack mounting 4-10
reimaging D-17
specifications 4-2
V01 power supply limitations 4-15
IPS 4360
AC power supply
installing 4-19
removing 4-19
AC power supply (V02) 4-15
back panel features 4-8
back panel features (illustration) 4-8
connecting DC power supplies 4-23
described 4-2
front panel (illustration) 4-5
front panel indicators described 4-6
indicators 4-6
installation 4-12
installing DC power supplies 4-26
installing system image D-17
packing box contents 4-4
password recovery E-8, E-9
power supplies 4-16
power supplies (illustration) 4-17
power supply indicator 4-17
reimaging D-17
removing DC power supplies 4-26
specifications 4-2
V01 power supply limitations 4-15
IPS 4510
back panel features 5-7
back panel features (illustration) 5-7
cable management brackets
described 5-33
installing 5-33
chassis features 5-3
connecting cables 5-12
described 5-2
Ethernet port indicators 5-8
fan modules
hot-pluggable 5-19
installing 5-19
OIR 5-19
removing 5-19
front panel indicators
described 5-5
illustration 5-5
front panel view 5-4
installing
core IPS SSP 5-15
SFP/SFP+ modules 5-13
slide rail kit hardware 5-20
installing system image D-21
Management 0/0 5-12
management port described 5-12
memory requirements 5-11
OIR
fan supply modules 5-2
not supported 5-2
power supply modules 5-2
SFP/SFP+ 5-2
packing box contents 5-10
password recovery E-8, E-9
power module indicators
described 5-8
illustration 5-7
power supply modules
installing 5-17
removing 5-17
requirements 5-11
rack mounting 5-30
reimaging D-21
removing core IPS SSP 5-15
SFP ports 5-13
shutting down 5-15
slide rail kit hardware installation 5-20
specifications 5-9
supported SFP+ modules 5-12, 7-9
supported SFP modules 5-12, 7-9
SwitchApp 5-35
IPS 4520
back panel features 5-7
back panel features (illustration) 5-7
cable management brackets
described 5-33
installing 5-33
chassis features 5-3
connecting cables 5-12
described 5-2
Ethernet port indicators 5-8
fan modules
hot-pluggable 5-19
installing 5-19
OIR 5-19
removing 5-19
front panel indicators
described 5-5
illustration 5-5
front panel view 5-4
installing
core IPS SSP 5-15
SFP/SFP+ modules 5-13
slide rail kit hardware 5-20
installing system image D-21
Management 0/0 5-12
management port described 5-12
memory requirements 5-11
OIR
fan supply modules 5-2
not supported 5-2
power supply modules 5-2
SFP/SFP+ 5-2
packing box contents 5-10
password recovery E-8, E-9
power module indicators
described 5-8
illustration 5-7
power supply modules
installing 5-17
removing 5-17
requirements 5-11
rack mounting 5-30
reimaging D-21
removing core IPS SSP 5-15
SFP ports 5-13
shutting down 5-15
slide rail kit hardware installation 5-20
specifications 5-9
supported SFP+ modules 5-12, 7-9
supported SFP modules 5-12, 7-9
SwitchApp 5-35
two power supply modules 5-17, 5-19
IPS software
available files C-1
obtaining C-1
IPS software file names
major updates (illustration) C-4
minor updates (illustration) C-4
patch releases (illustration) C-4
service packs (illustration) C-4
IPS SSP-10 front panel features (illustration) 7-4
IPS SSP-20 front panel features (illustration) 7-4
IPS SSP-40 front panel features (illustration) 7-5
IPS SSP-60 front panel features (illustration) 7-5
IPS SSP in the ASA 5585-X 7-2
IPv6
SPAN ports 1-15
switches 1-15
L
license key
installing C-12
obtaining C-8
trial C-8
uninstalling C-14
viewing status of C-8
licensing
described C-8
IPS device serial number C-8
Licensing pane
configuring C-10
described C-8
logging in
appliances A-2
ASA 5500 AIP SSM A-4
ASA 5500-X IPS SSP A-5
ASA 5585-X IPS SSP A-6
sensors
SSH A-7
Telnet A-7
service role A-1
terminal servers 1-22, A-3, D-14
user role A-1
loose connections on sensors 3-52, 5-34, E-24
M
major updates described C-3
Management 0/0 port described 5-12
Management 0/1 described 5-12
manual block to bogus host E-42
master blocking sensor
not set up properly E-43
verifying configuration E-44
merging configuration files E-3
MIBs supported E-18
minor updates described C-3
modes
IDS 1-1
inline interface pair 1-16
inline VLAN pair 1-17
IPS 1-1
promiscuous 1-14
VLAN groups 1-17
modules
ASA 5500 AIP SSM 6-2
ASA 5585-X IPS SSP 7-2
N
NTP
authenticated 1-23, E-15
described 1-23, E-15
incorrect configuration 1-23, E-16
time synchronization 1-23, E-15
unauthenticated 1-23, E-15
verifying configuration 1-24
O
obtaining
cryptographic account C-2
IPS software C-1
license key C-8
sensor license C-10
OIR
not supported for modules 5-2
supported
fan modules 5-2
power supply modules 5-2
SFP/SFP+ 5-2
online insertion and removal. See OIR. 7-2
P
password recovery
appliances E-8
ASA 5500-X IPS SSP E-10
ASA 5585-X IPS SSP E-12
CLI E-14
described E-8
disabling E-14
displaying setting E-14
GRUB menu E-8
IPS 4260 E-8
IPS 4270-20 E-8
IPS 4345 E-8, E-9
IPS 4360 E-8, E-9
IPS 4510 E-8, E-9
IPS 4520 E-8, E-9
platforms E-8
ROMMON E-9
troubleshooting E-15
verifying E-14
patch releases described C-3
performance (IPS 4270-20) 3-2
physical connectivity issues E-31
physical interfaces configuration restrictions 1-12
ports
Management 0/0 5-12
Management 0/1 5-12
SFP 5-13
SFP/SFP+ 7-12
power supplies
described (IPS 4345) 4-16
describes (IPS 4360) 4-16
illustration (IPS 4345) 4-17
illustration (IPS 4560) 4-17
IPS 4270-20
hot-pluggable 3-45
installing 3-45
redundant 3-45
removing 3-45
power supply guidelines 2-6
power supply indicator
IPS 4345 4-17
IPS 4360 4-17
power supply indicators
IPS 4270-20 3-11
IPS 4510 5-7
IPS 4520 5-7
power supply modules
hot-pluggable 5-17
installing (IPS 4510) 5-17
installing (IPS 4520) 5-17
OIR 5-17
redundant configuration 5-17
removing (IPS 4510) 5-17
removing (IPS 4520) 5-17
preparing for appliance installation 2-1
promiscuous mode
atomic attacks 1-15
described 1-14
illustration 1-15
packet flow 1-14
SPAN ports 1-15
TCP reset interfaces 1-11
VACL capture 1-15
R
rack mounting
IPX 4345 4-10
rack-mounting
IPS 4270-20
extension 3-26
installation 3-18
requirements 3-17
IPS 4510 5-30
IPS 4520 5-30
racks
airflow requirements 3-17
space requirements 3-17
RADIUS
attempt limit E-21
rail system
maximum rack depth 3-17
minimum rack depth 3-17
rack hole-types (illustration) 3-16
round holes 3-16
square holes 3-16
threaded holes 3-16
rail system kit
cable management arm 3-29, 3-32
contents 3-17
IPS 4270-20 3-16
required tools 3-17
recover command D-12
recovering
ASA 5500 AIP SSM E-60
recovering the application partition image D-12
recovery partition upgrade D-7
reimaging
ASA 5500-X IPS SSP D-23
ASA 5585-X IPS SSP D-24
described D-2
hardware bypass 3-7
IPS 4270-20 D-15
IPS 4345 D-17
IPS 4360 D-17
IPS 4510 D-21
IPS 4520 D-21
sensors D-2, D-12
removing
ASA 5500 AIP SSM 6-7
ASA 5585-X IPS SSP 7-13
chassis cover (IPS 4270-20) 3-40
DC power supply (IPS 4360) 4-26
last applied
service pack D-11
signature update D-11
replacing
chassis cover
IPS 4270-20 3-40
requirements
ASA 5500 AIP SSM 6-4
ASA 5585-X IPS SSP 7-4
racks
airflow 3-17
space 3-17
reset not occurring for a signature E-51
resetting
ASA 5500 AIP SSM E-59
passwords
ASDM E-11, E-13
hw-module command E-12
sw-module command E-10
resetting the password
ASA 5500-X IPS SSP E-10
ASA 5585-X IPS SSP E-12
restoring the current configuration E-5
RJ-45 to DB-9 cable pinouts F-3
ROMMON
ASA 5585-X IPS SSP D-27
described D-13
IPS 4270-20 D-15
IPS 4345 D-17, E-9
IPS 4360 D-17, E-9
IPS 4510 D-21, E-9
IPS 4520 D-21, E-9
password recovery E-9
remote sensors D-13
serial console port D-13
TFTP D-14
round-trip time. See RTT.
RTT
described D-14
TFTP limitation D-14
S
scheduling automatic upgrades D-9
security
information on Cisco Security Intelligence Operations C-7
sensing interfaces
Analysis Engine 1-6
described 1-6
interface cards 1-6
modes 1-6
sensor license
installing C-10
obtaining C-10
sensors
access problems E-25
application partition image D-12
ASA 5500 AIP SSM 6-2
asymmetric traffic and disabling anomaly detection E-19
capturing traffic 1-1
command and control interfaces (list) 1-5
comprehensive deployment 1-1
Comprehensive Deployment Solutions (illustration) 1-1
corrupted SensorApp configuration E-35
disaster recovery E-6
downgrading D-11
electrical guidelines 2-3
IDS mode 1-1
incorrect NTP configuration 1-23, E-16
initializing B-1, B-4
interface support 1-6
IP address conflicts E-28
IPS mode 1-1
IPS tuning tips 1-3
logging in
SSH A-7
Telnet A-7
loose connections 3-52, 5-34, E-24
misconfigured access lists E-27
models 1-19
network topology 1-3
no alerts E-32, E-57
not seeing packets E-34
NTP time synchronization 1-23, E-15
physical connectivity E-31
power supply guidelines 2-6
preventive maintenance E-2
reimaging D-2
sensing process not running E-29
setup command B-1, B-4, B-8
site guidelines 2-5
supported 1-19
TCP reset 1-2
time sources 1-23, E-15
troubleshooting software upgrades E-54
upgrading D-5
service account
accessing E-5
cautions E-5
creating E-6
described E-5
service packs described C-3
service role A-1
session command
ASA 5500 AIP SSM A-4
ASA 5500-X IPS SSP A-5
ASA 5585-X IPS SSP A-6
sessioning in
ASA 5500 AIP SSM A-4
ASA 5500-X IPS SSP A-5
ASA 5585-X IPS SSP A-6
setting up terminal servers 1-22, A-3, D-14
setup
automatic B-2
command B-1, B-4, B-8, B-13, B-17, B-21
simplified mode B-2
SFP/SFP+ port (illustration) 7-12
SFP+ modules
described 5-11, 7-9
supported (table) 5-12, 7-9
SFP+ modules described 7-4
SFP modules
described 5-11, 7-4, 7-9
supported (table) 5-12, 7-9
SFP port (illustration) 5-13
shallow rack installation (IPS 4270-20) 3-20
show events command E-99
show health command E-78
show interfaces command E-97
show module 1 details command E-59, E-66, E-72
show settings command E-14
show statistics command E-85, E-86
show statistics virtual-sensor command E-24, E-86
show tech-support command E-78, E-79
show version command E-82, E-83
signatures
TCP reset E-51
update files C-4
site guidelines for sensor installation 2-5
SNMP supported MIBs E-18
software bypass
supported configurations 3-6
with hardware bypass 3-6
software downloads Cisco.com C-1
software file names
recovery (illustration) C-5
signature/virus updates (illustration) C-4
system image (illustration) C-5
software release examples
platform identifiers C-6
platform-independent C-5
software updates
supported FTP servers D-3
supported HTTP/HTTPS servers D-3
SPAN
appliances 1-21
port issues E-31
specifications
ASA 5500 AIP SSM 6-4
IPS 4270-20 3-15
IPS 4345 4-2
IPS 4360 4-2
IPS 4510 5-9
IPS 4520 5-9
SSP-10
components 7-2
described 7-2
SSP-20
components 7-3
described 7-3
SSP-40
components 7-3
described 7-3
SSP-60
components 7-3
described 7-3
SSP in slot 2 7-9
statistic display E-86
subinterface 0 described 1-18
supported
FTP servers D-3
HTTP/HTTPS servers D-3
SwitchApp described 5-35
Switched Port Analyzer see SPAN
switches and TCP reset interfaces 1-12
sw-module module slot_number password-reset command E-10
System Configuration Dialog
described B-2
example B-2
system images
installing
ASA 5500-X IPS SSP D-23
ASA 5585-X IPS SSP D-24
IPS 4270-20 D-15
IPS 4345 D-17
IPS 4360 D-17
IPS 4510 D-21
IPS 4520 D-21
T
T-15 Torx screwdriver (IPS 4270-20) 3-46
TAC
service account E-5
show tech-support command E-79
TCP reset interfaces
conditions 1-12
described 1-11
list 1-11
promiscuous mode 1-11
switches 1-12
TCP resets
not occurring E-51
signature actions 1-2
tech support information display E-79
terminal server setup 1-22, A-3, D-14
testing fail-over 3-6
TFTP servers
recommended
UNIX D-14
Windows D-14
RTT D-14
time
correction on the sensor 1-24, E-17
sensors 1-23, E-15
time sources
appliances 1-23, E-15
ASA 5500-X IPS SSP 1-23, E-16
ASA 5585-X IPS SSP 1-23, E-16
trial license key C-8
troubleshooting E-1
Analysis Engine busy E-56
applying software updates E-53
ARC
blocking not occurring for signature E-42
device access issues E-40
enabling SSH E-42
inactive state E-38
misconfigured master blocking sensor E-43
verifying device interfaces E-41
ASA 5500 AIP SSM
commands E-59
debugging E-60
failover scenarios E-61
recovering E-60
reset E-59
ASA 5500-X IPS SSP
commands E-66
failover scenarios E-65
ASA 5585-X IPS SSP
commands E-72
failover scenarios E-71
traffic flow stopped E-72
automatic updates E-53
cannot access sensor E-25
cidDump E-102
cidLog messages to syslog E-50
communication E-25
corrupted SensorApp configuration E-35
debug logger zone names (table) E-49
debug logging E-45
Diagnostic Panel (IPS 4270-20) 3-42
disaster recovery E-6
duplicate sensor IP addresses E-28
enabling debug logging E-45
external product interfaces E-22
gathering information E-77
global correlation E-19
IDM
cannot access sensor E-56
will not load E-55
IME
installation error E-58
IME time synchronization E-58
IPS clock time drift 1-23, E-16
manual block to bogus host E-42
misconfigured access list E-27
no alerts E-32, E-57
NTP E-51
password recovery E-15
physical connectivity issues E-31
preventive maintenance E-2
RADIUS
attempt limit E-21
reset not occurring for a signature E-51
sensing process not running E-29
sensor events E-99
sensor loose connections 3-52, 5-34, E-24
sensor not seeing packets E-34
sensor software upgrade E-54
service account E-5
show events command E-98
show interfaces command E-97
show statistics command E-85
show tech-support command E-78, E-80
show version command E-82
software upgrades E-52
SPAN
port issue E-31
upgrading E-52
verifying Analysis Engine is running E-20
verifying ARC status E-37
tuning
IPS 1-3
tips 1-3
U
unassigned VLAN groups described 1-18
unauthenticated NTP 1-23, E-15
uninstalling the license key C-14
upgrade command D-4, D-6
upgrade notes and caveats (upgrading IPS software) D-1
upgrading
application partition D-12
latest version E-52
recovery partition D-7
sensors D-5
upgrading IPS software (upgrade notes and caveats) D-1
URLs for Cisco Security Intelligence Operations C-7
using
debug logging E-45
TCP reset interfaces 1-12
V
verifying
ASA 5585-X IPS SSP installation 7-13
NTP configuration 1-24
password recovery E-14
sensor initialization B-25
sensor setup B-25
version display E-83
viewing
license key status C-8
virtualization
advantages E-17
restrictions E-17
supported sensors E-18
traffic capture requirements E-18
VLAN groups
802.1q encapsulation 1-18
configuration restrictions 1-14
deploying 1-18
described 1-17
switches 1-18
W
warning
circuit breaker 4-21
exposed DC wire 4-23