Cisco Cisco IPS 4255 Sensor
30
Release Notes for Cisco Intrusion Prevention System 6.2(2)E4
OL-21670-01
Restrictions and Limitations
For More Information
Restrictions and Limitations
The following restrictions and limitations apply to Cisco IPS 6.2(2)E4 software and the products that
run 6.2(2)E4:
run 6.2(2)E4:
•
For IPS 5.0 and later, you can no longer remove the cisco account. You can disable it using the no
password cisco command, but you cannot remove it. To use the no password cisco command, there
must be another administrator account on the sensor. Removing the cisco account through the
service account is not supported. If you remove the cisco account through the service account, the
sensor most likely will not boot up, so to recover the sensor you must reinstall the sensor system
image.
password cisco command, but you cannot remove it. To use the no password cisco command, there
must be another administrator account on the sensor. Removing the cisco account through the
service account is not supported. If you remove the cisco account through the service account, the
sensor most likely will not boot up, so to recover the sensor you must reinstall the sensor system
image.
•
The AIP SSC-5 does not support virtualization, unretiring default retired signatures, creating
custom signatures, adding signatures, cloning signatures, or anomaly detection.
custom signatures, adding signatures, cloning signatures, or anomaly detection.
•
The AIP SSC-5 can take up to 20 minutes to come online when it reboots after the installation of a
new system image. You must let the process complete before you can make configuration changes
to the AIP SSC-5. If you try to modify and save configuration changes before the process is
complete, you receive an error message.
new system image. You must let the process complete before you can make configuration changes
to the AIP SSC-5. If you try to modify and save configuration changes before the process is
complete, you receive an error message.
•
Anomaly detection does not support IPv6 traffic; only IPv4 traffic is directed to the anomaly
detection processor.
detection processor.
•
ICMP signature engines do not support ICMPv6, they are IPv4-specific, for example, the Traffic
ICMP signature engine. ICMPv6 is covered by the Atomic IP Advanced signature engine.
ICMP signature engine. ICMPv6 is covered by the Atomic IP Advanced signature engine.
•
Rate limiting and blocking are not supported for IPv6 traffic. If a signature is configured with a
block or rate limit event action and is triggered by IPv6 traffic, an alert is generated but the action
is not carried out.
block or rate limit event action and is triggered by IPv6 traffic, an alert is generated but the action
is not carried out.
•
IPv6 does not support the following event actions: Request Block Host, Request Block Connection,
or Request Rate Limit.
or Request Rate Limit.
•
CSM and MARS do not support IPv6.
•
The AIM IPS and the NME IPS do not support the IPv6 features, because the routers in which they
are installed do not send them IPv6 data. IPv6 inspection may work on the IDSM2, but we do not
officially support it. There is no support for IPv6 on the management (command and control)
interface. With ASA 8.2(1), the AIP SSM and the AIP SSC-5 support IPv6 features.
are installed do not send them IPv6 data. IPv6 inspection may work on the IDSM2, but we do not
officially support it. There is no support for IPv6 on the management (command and control)
interface. With ASA 8.2(1), the AIP SSM and the AIP SSC-5 support IPv6 features.
•
VACLs on Catalyst switches do not have IPv6 support. The most common method for copying traffic
to a sensor configured in Promiscuous mode is to use VACL capture. If you want to have IPv6
support, you can use SPAN ports.
to a sensor configured in Promiscuous mode is to use VACL capture. If you want to have IPv6
support, you can use SPAN ports.
•
The AIM IPS and the NME IPS do not support virtualization.
•
When you reload the router, the AIM IPS and the NME IPS also reload. To ensure that there is no
loss of data on the AIM IPS or the NME IPS, make sure you shut down the module using the
shutdown command before you use the reload command to reboot the router.
loss of data on the AIM IPS or the NME IPS, make sure you shut down the module using the
shutdown command before you use the reload command to reboot the router.
•
Do not deploy IOS IPS and the AIM IPS and the NME IPS at the same time.