E-27
Cisco Intrusion Prevention System Appliance Hardware Installation Guide for IPS 7.1
OL-24002-01
Appendix E Troubleshooting
Troubleshooting the Appliance
--MORE--
Step 6 Add a permit entry for the workstation network address, save the configuration, and try to connect again.
Step 7 Make sure the network configuration allows the workstation to connect to the sensor. If the sensor is
protected behind a firewall and the workstation is in front of the firewall, make sure the firewall is
configured to allow the workstation to access the sensor. Or if the workstation is behind a firewall that
is performing network address translation on the workstation IP address, and the sensor is in front of the
firewall, make sure that the sensor access list contains a permit entry for the workstation translated
address.
For More Information
• For the procedures for changing the IP address, changing the access list, and enabling and disabling
Telnet, refer to Configuring Network Settings.
• For the various ways to open a CLI session directly on the sensor, see Appendix A, “Logging In to
the Sensor.”
Correcting a Misconfigured Access List
To correct a misconfigured access list, follow these steps:
Step 1 Log in to the CLI.
Step 2 View your configuration to see the access list.
sensor# show configuration | include access-list
access-list 10.0.0.0/8
access-list 64.0.0.0/8
sensor#
Step 3 Verify that the client IP address is listed in the allowed networks. If it is not, add it.
sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings
sensor(config-hos-net)# access-list 171.69.70.0/24
Step 4 Verify the settings.
sensor(config-hos-net)# show settings
network-settings
-----------------------------------------------
host-ip: 192.168.1.2/24,192.168.1.1 default: 10.1.9.201/24,10.1.9.1
host-name: sensor-238 default: sensor
telnet-option: enabled default: disabled
access-list (min: 0, max: 512, current: 3)
-----------------------------------------------
network-address: 10.0.0.0/8
-----------------------------------------------
network-address: 64.0.0.0/8
-----------------------------------------------
network-address: 171.69.70.0/24
-----------------------------------------------
-----------------------------------------------
Comments to this Manuals