Logging In to the AIM IPS; The AIM IPS and the session Command - Cisco IPS-4255-K9 - Intrusion Protection Sys 4255 Installation Manual

Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0

Logging In to the AIM IPS

Caution: If a connection is dropped or terminated by accident, you should reestablish the connection and exit normally to prevent unauthorized access to the appliance.

This section describes how to use the session command to log in to the AIM IPS, and contains the following topics:

- The AIM IPS and the session Command
- Sessioning In to the AIM IPS

The AIM IPS and the session Command

Because the AIM IPS does not have an external console port, console access to the AIM IPS is enabled when you issue the service-module ids-sensor slot/port session command on the router, or when you initiate a Telnet connection into the router with the slot number corresponding to the AIM IPS port number. The lack of an external console port means that the initial bootup configuration is possible only through the router.

When you issue the service-module ids-sensor slot/port session command, you create a console session with the AIM IPS, in which you can issue any IPS configuration commands. After completing work in the session and exiting the IPS CLI, you are returned to the Cisco IOS CLI.

The session command starts a reverse Telnet connection using the IP address of the IDS-Sensor interface. The IDS-Sensor interface is an interface between the AIM IPS and the router. You must assign an IP address to the IDS-Sensor interface before invoking the session command. Assigning a routable IP address can make the IDS-Sensor interface itself vulnerable to attacks, because the AIM IPS is visible on the network through that routable IP address, meaning you can communicate with the AIM IPS outside the router. To counter this vulnerability, assign an unnumbered IP address to the IDS-Sensor interface. Then the AIM IPS IP address is only used locally between the router and the AIM IPS, and is isolated for the purposes of sessioning in to the AIM IPS.
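
One way to check a saved router configuration for the exposure described above, as an added example that is not part of the Cisco guide: it reports whether each IDS-Sensor interface carries its own IP address or an unnumbered one. The sample configuration, its addresses and the function name `audit_ids_sensor_interfaces` are constructed for illustration.

```python
import re

# Constructed sample router configuration (not from the guide); several
# IDS-Sensor stanzas are included only to exercise each outcome.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 10.99.0.1 255.255.255.255
!
interface IDS-Sensor0/0
 ip address 192.0.2.10 255.255.255.0
!
interface IDS-Sensor0/1
 ip unnumbered Loopback0
!
interface IDS-Sensor1/0
 shutdown
!
"""

IFACE = re.compile(r"^interface\s+(\S+)", re.I)

def audit_ids_sensor_interfaces(config_text):
    """Classify each IDS-Sensor interface as 'numbered' (has its own IP
    address), 'unnumbered', or 'no-address' (nothing assigned yet)."""
    results, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        m = IFACE.match(line)
        if m:
            name = m.group(1)
            current = name if name.lower().startswith("ids-sensor") else None
            if current:
                results[current] = "no-address"
            continue
        if current is None:
            continue
        if not line.startswith(" "):  # '!' or a top-level command ends the stanza
            current = None
            continue
        stmt = line.strip().lower()
        if stmt.startswith("ip unnumbered "):
            results[current] = "unnumbered"
        elif re.match(r"ip address \d", stmt):
            results[current] = "numbered"
    return results

if __name__ == "__main__":
    for iface, status in audit_ids_sensor_interfaces(SAMPLE_CONFIG).items():
        print(f"{iface}: {status}")
```

A `numbered` result is the case the text warns about when the address is routable; whether it is routable has to be judged against the network's addressing plan. A `no-address` result means the session command has no IDS-Sensor interface address to connect to yet.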

Note: Before you install your application software or reimage the module, opening a session brings up the bootloader. After you install the software, opening a session brings up the application.

Caution: If you session to the module and perform large console transfers, character traffic may be lost unless the host console interface speed is set to 115200/bps or higher. Use the show running-config command to check that the speed is set to 115200/bps.

For More Information

For the procedure for configuring an unnumbered IP address interface for the AIM IPS, refer to Using an Unnumbered IP Address Interface.

Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0, Chapter 9: Logging In to the Sensor, OL-18504-01
