Sunday, October 11, 2015

Cisco IPS 4240 version 7 in GNS3

I've been searching and trying to emulate IDS/IPS using the new GNS3 version 1.3.9 (need to register) for quite some time. There are a lot of tutorials and qemu files scattered all over the Internet for Cisco 4235 (IDS only) using version 6 but not for Cisco IPS 4240 version 7. The qemu files and links for Cisco IPS version 7 are already unavailable and the only way I was able to emulate it was using an ova file running in VMware Workstation 10. I've used Java 6 update 7 and disabled TLS 1.1 and 1.2 in IE11 for IDM (HTTPS) to work.





sensor# configure terminal
sensor(config)# service ?
aaa                            Enter configuration mode for AAA options.
analysis-engine                Enter configuration mode for global analysis engine
                               options.
anomaly-detection              Enter configuration mode for anomaly-detection.
authentication                 Enter configuration mode for user authentication options.
event-action-rules             Enter configuration mode for the event action rules.
external-product-interface     Enter configuration mode for the interfaces to external
                               products.
global-correlation             Enter configuration mode for global correlation
                               configuration.
health-monitor                 Enter configuration mode for health and security
                               monitoring.
host                           Enter configuration mode for host configuration.
interface                      Enter configuration mode for interface configuration.
logger                         Enter configuration mode for debug logger.
network-access                 Enter configuration mode for the network access controller.
notification                   Enter configuration mode for the notification application.
signature-definition           Enter configuration mode for the signature definition.
ssh-known-hosts                Enter configuration mode for configuring SSH known hosts.
trusted-certificates           Enter configuration mode for configuring trusted
                               certificates.
web-server                     Enter configuration mode for the web server application.
sensor(config)# service host
sensor(config-hos)# ?
auto-upgrade           Configure Auto Upgrade Settings.
crypto                 Configure cryptographic settings.
default                Set the value back to the system default setting.
exit                   Exit service configuration mode.
network-settings       Configure network settings.
ntp-option             Select whether to synchronize the sensor's clock to an NTP time
                       server.
password-recovery      Option to allow password recovery.
show                   Display system settings and/or history information.
summertime-option      Select whether summertime (Daylight Savings Time) begins and ends
                       at the same time every year (recurring), or just this year
                       (non-recurring), or summertime is disabled.
time-zone-settings     Configure time zone settings.
sensor(config-hos)# network-settings
sensor(config-hos-net)# ?
access-list              List of trusted hosts and/or networks.
default                  Set the value back to the system default setting.
dns-primary-server       Optional primary DNS server. Currently DNS is only used by the
                         collaboration service.
dns-secondary-server     Optional secondary DNS server. Currently DNS is only used by the
                         collaboration service.
dns-tertiary-server      Optional tertiary DNS server. Currently DNS is only used by the
                         collaboration service.
exit                     Exit network-settings configuration submode
ftp-timeout              The FTP client timeout (in seconds) used when communicating with
                         an FTP server.
host-ip                  The IP address/netmask, and default gateway used on the command
                         and control interface.
host-name                Network host name assigned to the sensor.
http-proxy               Optional HTTP/HTTPS proxy server.  Currently the proxy is only
                         used by the collaboration service.
login-banner-text        Banner to be displayed at login.
no                       Remove an entry or selection setting.
show                     Display system settings and/or history information.
telnet-option            Option to enable or disable the telnet server on the sensor.
sensor(config-hos-net)# host-ip ?
<A.B.C.D/nn,E.F.G.H>     The IP address/netmask, and default gateway used on the command
                         and control interface.
sensor(config-hos-net)# host-ip 10.1.1.1/24,10.1.1.2
sensor(config-hos-net)# access-list ?
<A.B.C.D>/nn     Network address of a trusted host or network.  To represent a single host
                 address, use /32 for the network mask.
sensor(config-hos-net)# access-list 10.1.1.0/24
sensor(config-hos-net)# telnet-option ?
enabled      Enable the telnet server on the sensor.
disabled     Disable the telnet server on the sensor.
sensor(config-hos-net)# telnet-option enabled
sensor(config-hos-net)# exit
sensor(config-hos)# exit
sensor(config)# username ?
<username>     Username to add to the system.
sensor(config)# username admin ?
<cr>
password      Enter user password.
privilege     User privilege level for local sensor.
sensor(config)# username admin privilege ?
administrator     Allows full system privileges.
operator          May modify most configuration.
service           Logs directly into a system shell.
viewer            No modification allowed view only.
sensor(config)# username admin privilege administrator ?
<cr>
password     Enter user password.
sensor(config)# username admin privilege administrator password cisco4240!   
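
The following Python check is an added example, not part of the original post or any Cisco tooling. It reviews the three network-settings commands entered above for a gateway outside the management subnet, a broad trusted-host list, and the telnet server being on. The function name `audit_network_settings` and the `max_hosts` threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the three network-settings commands typed in the
# session above (config-hos-net mode).
SAMPLE = """\
host-ip 10.1.1.1/24,10.1.1.2
access-list 10.1.1.0/24
telnet-option enabled
"""

def audit_network_settings(text, max_hosts=16):
    """Return (severity, message) findings for network-settings lines.
    max_hosts is an assumed local policy threshold, not a Cisco default."""
    findings = []
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) != 2:
            continue
        key, value = parts
        if key == "host-ip":
            # Syntax from the CLI help: <A.B.C.D/nn,E.F.G.H>
            addr, _, gw = value.partition(",")
            iface = ipaddress.ip_interface(addr)
            if not gw:
                findings.append(("error", "host-ip has no default gateway"))
            elif ipaddress.ip_address(gw) not in iface.network:
                findings.append(("error", f"gateway {gw} is outside {iface.network}"))
            elif ipaddress.ip_address(gw) == iface.ip:
                findings.append(("error", "gateway equals the sensor address"))
        elif key == "access-list":
            try:
                net = ipaddress.ip_network(value, strict=True)
            except ValueError:
                findings.append(("error", f"access-list {value} is not a valid network address"))
                continue
            if net.prefixlen == 0:
                findings.append(("high", "access-list trusts every address"))
            elif net.num_addresses > max_hosts:
                findings.append(("medium", f"access-list {net} trusts "
                                 f"{net.num_addresses} addresses; prefer /32 entries"))
        elif key == "telnet-option" and value == "enabled":
            findings.append(("high", "telnet-option enabled: logins travel in cleartext"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_network_settings(SAMPLE):
        print(f"[{severity}] {message}")
```
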



2 comments:

  1. Hi John, Nice blog!
    Can you please explain how to interconnect the IPS 4240 VM (ova file running in VMware Workstation) with a GNS3 topology? I want to fully test some inline scenarios with the VM. Is that even possible? If yes, can you share how to do it?

    Many thanks!

  2. Yes, you could add the VM either using the Loopback interface (cloud) or using VirtualBox.
