Cisco Cisco IPS 4255 Sensor
27
Release Notes for Cisco Intrusion Prevention System 6.0(3)E1
OL-20145-01
Restrictions and Limitations
Upgrade History:
IPS-K9-6.0-3-E.1 15:36:05 UTC Wed Aug 22 2007
Recovery Partition Version 1.1 - 6.0(3)E.1
sensor#
Step 7
Copy your license key from a sensor to a server to keep a backup copy of the license:
sensor# copy license-key scp://user@10.89.147.3://tftpboot/dev.lic
Password: *******
sensor#
For More Information
•
For the CLI procedure for adding hosts to the SSH known hosts list, refer to
. For the IDM procedure, refer to
.
•
For the CLI procedure for adding TLS trusted hosts, refer to
. For the
IDM procedure, refer to
•
For more information on Cisco service contracts, see
.
Restrictions and Limitations
The following restrictions and limitations apply to Cisco IPS 6.0(3)E.1 software and the products that
run 6.0(3)E.1:
run 6.0(3)E.1:
•
Do not confuse Cisco OS IDS or Cisco IPS (a software-based intrusion-detection/prevention
application that runs in the Cisco IOS) with the IPS that runs on the NM CIDS. The NM CIDS runs
Cisco IPS 6.0(3)E.1. Because performance can be reduced and duplicate alarms can be generated,
we recommend that you do not run Cisco IOS IDS and Cisco PS 6.0(3)E.1 simultaneously.
application that runs in the Cisco IOS) with the IPS that runs on the NM CIDS. The NM CIDS runs
Cisco IPS 6.0(3)E.1. Because performance can be reduced and duplicate alarms can be generated,
we recommend that you do not run Cisco IOS IDS and Cisco PS 6.0(3)E.1 simultaneously.
•
Only one NM CIDS is supported per Cisco 2600, 2811, 2821 2851, 3825, 3845, and 3700 series
router.
router.
•
Jumbo frames are not supported on the NM CIDS.
•
The NM CIDS does not run in inline mode.
•
The IDS 4215, and NM CIDS do not support virtualization.
•
Cisco access routers only support one IDS/IPS per router.
•
On IPS sensors with multiple processors (for example, the IPS 4260 and IPS 4270-20), packets may
be captured out of order in the IP logs and by the packet command. Because the packets are not
processed using a single processor, the packets can become out of sync when received from multiple
processors.
be captured out of order in the IP logs and by the packet command. Because the packets are not
processed using a single processor, the packets can become out of sync when received from multiple
processors.
•
An IPS appliance can support both promiscuous and inline monitoring at the same time; however
you must configure each physical interface in either promiscuous or inline mode. The sensor must
contain at least two physical sensing interfaces to perform both promiscuous and inline monitoring.
The exceptions to this are AIP SSM-10 and AIP SSM-20. The AIP SSM can support both
promiscuous and inline monitoring on its single physical back plane interface inside the adaptive
you must configure each physical interface in either promiscuous or inline mode. The sensor must
contain at least two physical sensing interfaces to perform both promiscuous and inline monitoring.
The exceptions to this are AIP SSM-10 and AIP SSM-20. The AIP SSM can support both
promiscuous and inline monitoring on its single physical back plane interface inside the adaptive