I've been searching and trying to emulate IDS/IPS using the new GNS3 version 1.3.9 (need to register) for quite some time. There are a lot of tutorials and qemu files scattered all over the Internet for Cisco 4235 (IDS only) using version 6 but not for Cisco IPS 4240 version 7. The qemu files and links for Cisco IPS version 7 are already unavailable and the only way I was able to emulate it was using an ova file running in VMware Workstation 10. I've used Java 6 update 7 and disabled TLS 1.1 and 1.2 in IE11 for IDM (HTTPS) to work.
sensor# configure terminal
sensor(config)# service ?
aaa Enter configuration mode for AAA options.
analysis-engine Enter configuration mode for global analysis engine
options.
anomaly-detection Enter configuration mode for anomaly-detection.
authentication Enter configuration mode for user authentication options.
event-action-rules Enter configuration mode for the event action rules.
external-product-interface Enter configuration mode for the interfaces to external
products.
global-correlation Enter configuration mode for global correlation
configuration.
health-monitor Enter configuration mode for health and security
monitoring.
host Enter configuration mode for host configuration.
interface Enter configuration mode for interface configuration.
logger Enter configuration mode for debug logger.
network-access Enter configuration mode for the network access controller.
notification Enter configuration mode for the notification application.
signature-definition Enter configuration mode for the signature definition.
ssh-known-hosts Enter configuration mode for configuring SSH known hosts.
trusted-certificates Enter configuration mode for configuring trusted
certificates.
web-server Enter configuration mode for the web server application.
sensor(config)# service host
sensor(config-hos)# ?
auto-upgrade Configure Auto Upgrade Settings.
crypto Configure cryptographic settings.
default Set the value back to the system default setting.
exit Exit service configuration mode.
network-settings Configure network settings.
ntp-option Select whether to synchronize the sensor's clock to an NTP time
server.
password-recovery Option to allow password recovery.
show Display system settings and/or history information.
summertime-option Select whether summertime (Daylight Savings Time) begins and ends
at the same time every year (recurring), or just this year
(non-recurring), or summertime is disabled.
time-zone-settings Configure time zone settings.
sensor(config-hos)# network-settings
sensor(config-hos-net)# ?
access-list List of trusted hosts and/or networks.
default Set the value back to the system default setting.
dns-primary-server Optional primary DNS server. Currently DNS is only used by the
collaboration service.
dns-secondary-server Optional secondary DNS server. Currently DNS is only used by the
collaboration service.
dns-tertiary-server Optional tertiary DNS server. Currently DNS is only used by the
collaboration service.
exit Exit network-settings configuration submode
ftp-timeout The FTP client timeout (in seconds) used when communicating with
an FTP server.
host-ip The IP address/netmask, and default gateway used on the command
and control interface.
host-name Network host name assigned to the sensor.
http-proxy Optional HTTP/HTTPS proxy server. Currently the proxy is only
used by the collaboration service.
login-banner-text Banner to be displayed at login.
no Remove an entry or selection setting.
show Display system settings and/or history information.
telnet-option Option to enable or disable the telnet server on the sensor.
sensor(config-hos-net)# host-ip ?
<A.B.C.D/nn,E.F.G.H> The IP address/netmask, and default gateway used on the command
and control interface.
sensor(config-hos-net)# host-ip 10.1.1.1/24,10.1.1.2
sensor(config-hos-net)# access-list ?
<A.B.C.D>/nn Network address of a trusted host or network. To represent a single host
address, use /32 for the network mask.
sensor(config-hos-net)# access-list 10.1.1.0/24
sensor(config-hos-net)# telnet-option ?
enabled Enable the telnet server on the sensor.
disabled Disable the telnet server on the sensor.
sensor(config-hos-net)# telnet-option enabled
sensor(config-hos-net)# exit
sensor(config-hos)# exit
sensor(config)# username ?
<username> Username to add to the system.
sensor(config)# username admin ?
<cr>
password Enter user password.
privilege User privilege level for local sensor.
sensor(config)# username admin privilege ?
administrator Allows full system privileges.
operator May modify most configuration.
service Logs directly into a system shell.
viewer No modification allowed view only.
sensor(config)# username admin privilege administrator ?
<cr>
password Enter user password.
sensor(config)# username admin privilege administrator password cisco4240!
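The session above enables Telnet, trusts all of 10.1.1.0/24 for management access and passes the admin password on the command line. As an added example (not part of the original post), this Python script audits such a CLI transcript for those three settings; the `audit` function, its `max_hosts` threshold and the constructed transcript are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the commands entered in the session above, without the "?" help output.
TRANSCRIPT = """\
sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings
sensor(config-hos-net)# host-ip 10.1.1.1/24,10.1.1.2
sensor(config-hos-net)# access-list 10.1.1.0/24
sensor(config-hos-net)# telnet-option enabled
sensor(config-hos-net)# exit
sensor(config-hos)# exit
sensor(config)# username admin privilege administrator password cisco4240!
"""

# Prompt format seen above: hostname, optional "(mode)", then "# command".
PROMPT = re.compile(r"^\S+?(?:\((?P<mode>[\w-]+)\))?# (?P<cmd>.+)$")


def audit(transcript, max_hosts=1):
    """Return (mode, finding) tuples for management-plane weaknesses."""
    findings = []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m or m["cmd"].rstrip().endswith("?"):
            continue  # help output or a "?" query, not an applied command
        mode, words = m["mode"] or "exec", m["cmd"].split()
        if mode == "config-hos-net" and words[:2] == ["telnet-option", "enabled"]:
            findings.append((mode, "telnet enabled: management traffic is cleartext"))
        elif mode == "config-hos-net" and words[0] == "access-list" and len(words) == 2:
            net = ipaddress.ip_network(words[1], strict=False)
            if net.num_addresses > max_hosts:
                findings.append((mode, f"access-list {net} trusts {net.num_addresses} addresses"))
        elif mode == "config" and words[0] == "username":
            if "password" in words[2:]:  # report the account, never the secret
                findings.append((mode, f"password for '{words[1]}' typed inline on the command line"))
            if words[2:4] == ["privilege", "service"]:
                findings.append((mode, f"'{words[1]}' logs directly into a system shell"))
    return findings


if __name__ == "__main__":
    for mode, finding in audit(TRANSCRIPT):
        print(f"[{mode}] {finding}")
```

The help output above shows the corresponding tighter settings: `telnet-option disabled` and a `/32` mask for a single trusted host.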
Hi John, Nice blog!
Can you please explain how to interconnect the IPS 4240 VM (ova file running in VMware Workstation) with a GNS3 topology? I want to fully test some inline scenarios with the VM. Is that even possible? If yes, can you share how to do it?
Many thanks!
Yes, you could add the VM either using the Loopback interface (cloud) or using Virtual Box.