Can ping and telnet IPS, but cannot visit the IPS by web browser (Firefox)

Hi Expert
I have a question. I can ping and telnet IDS, but cannot visit the IPS by web (Firefox). Please see the picture. When I reach the IPS, I get Picture 1; I clicked "RUN IDM" in it, and then it went to Picture 2. The firewall is off. When I used Google Chrome to visit the IPS, I got Picture 3 and never got Picture 1. It looks like there is a little difference between the two browsers. I already checked each item based on the returned message. I did not find anything wrong. Can anyone help and explain it?
Thank you!
EESky Asked:

Patrick Bogers (Datacenter platform engineer Lindows) Commented:
Did you try to configure the IDM to connect to https?

Patrick Bogers (Datacenter platform engineer Lindows) Commented:
Hi

Could it be you are using a 'too new' Java version that needs downgrading?

EESky (Author) Commented:
Thanks for your reply. I found there are two versions, 1.7 and 1.6, on my PC. I disabled the 1.7 version, but it is still not working. So what is the old version, and how do I define an old version? Thanks
Patrick Bogers (Datacenter platform engineer Lindows) Commented:
Hi again,

What build of Java 1.6 are you using?
For Cisco PPDM the right version is Java 1.6 (v6) update 7, to my knowledge.

Guessing here it should also work for the IPS 6.
To download it follow this link.

PS: You need to uninstall all more recent versions.

EESky (Author) Commented:
I am using 1.6.0_41
So, when I click that link, there are a lot of 1.6 versions. Which one do I need to use?

Patrick Bogers (Datacenter platform engineer Lindows) Commented:
Java SE Runtime Environment 6u7 (it is 1.6.0.7)

EESky (Author) Commented:
I deleted all Java versions and installed the old one. Please see the picture. But it is still the same as before. My PC is Windows 7 64-bit. The Java is also 64-bit.

Patrick Bogers (Datacenter platform engineer Lindows) Commented:
Hi again,

Too bad to hear it did not work.
Since I need to leave now, I would like to show you the troubleshooting page from Cisco concerning the IPS 6.0 software.

EESky (Author) Commented:
Thank you, but it still does not work

Patrick Bogers (Datacenter platform engineer Lindows) Commented:
Hi again,

Please check your config file. I have a feeling only telnet and maybe SSH are configured to accept incoming managing calls but no http.

EESky (Author) Commented:
The only configuration that I did is setting up the IP address and ACL in the IDS. Except for that configuration, there is no other config.

Patrick Bogers (Datacenter platform engineer Lindows) Commented:
Ah! I assume (since it is this way in Cisco PIX and ASA devices) you need to enable http for managing.

Not sure if this is the command for your rig, but this is it for PIX and ASA:

hostname(config)# http server enable [port]    (where port is optional, in case you want https on 443)

I would not be surprised if this will work.

EESky (Author) Commented:
Yes, PIX/ASA/router all need that command to configure the http server, but my paper did not say the IDS needs it. Definitely I am gonna try it again, and get back with the result here.

Patrick Bogers (Datacenter platform engineer Lindows) Commented:
I also just read this for IDS:

Changing the Access List

Use the access-list ip_address/netmask command in the service host submode to configure the access list, the list of hosts or networks that you want to have access to your sensor. Use the no form of the command to remove an entry from the list. The default access list is empty.

The following hosts must have an entry in the access list:

• Hosts that need to Telnet to your sensor.
• Hosts that need to use SSH with your sensor.
• Hosts, such as IDM, that need to access your sensor from a web browser.
• Management stations, such as VMS, that need access to your sensor.
• If your sensor is a master blocking sensor, the IP addresses of the blocking forwarding sensors must have an entry in the list.

To modify the access list, follow these steps:

--------------------------------------------------------------------------------

Step 1 Log in to the sensor using an account with administrator privileges.

Step 2 Enter network settings mode.

sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings

Step 3 Add an entry to the access list.

sensor(config-hos-net)# access-list 10.89.146.110/32

The netmask for a single host is 32.

Step 4 Verify the change you made to the access-list.

sensor(config-hos-net)# show settings
   network-settings
   -----------------------------------------------
      host-ip: 10.1.9.201/24,10.1.9.1 <defaulted>
      host-name: sensor <defaulted>
      telnet-option: enabled default: disabled
      access-list (min: 0, max: 512, current: 2)
      -----------------------------------------------
         network-address: 10.1.9.0/24
         -----------------------------------------------
         network-address: 10.89.146.110/32
         -----------------------------------------------
      -----------------------------------------------
      ftp-timeout: 300 seconds <defaulted>
      login-banner-text: <defaulted>

Not sure if it is applicable since you are able to telnet into the box.
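
The Step 4 verification above can be scripted. The following is an added example, not part of the original thread or of Cisco's documentation: it parses the show settings output quoted above and reports which access-list entry admits each management host, plus whether telnet is enabled. The host list passed to audit() is constructed for illustration.

```python
import ipaddress
import re

# "show settings" output copied from the excerpt quoted above.
SHOW_SETTINGS = """\
   network-settings
   -----------------------------------------------
      host-ip: 10.1.9.201/24,10.1.9.1 <defaulted>
      host-name: sensor <defaulted>
      telnet-option: enabled default: disabled
      access-list (min: 0, max: 512, current: 2)
      -----------------------------------------------
         network-address: 10.1.9.0/24
         -----------------------------------------------
         network-address: 10.89.146.110/32
         -----------------------------------------------
      -----------------------------------------------
      ftp-timeout: 300 seconds <defaulted>
      login-banner-text: <defaulted>
"""

def parse_network_settings(text):
    """Return (access-list networks, telnet_enabled) from the CLI output."""
    networks = [ipaddress.ip_network(m.group(1), strict=False)
                for m in re.finditer(r"^\s*network-address:\s*(\S+)", text, re.M)]
    telnet = re.search(r"^\s*telnet-option:\s*(\w+)", text, re.M)
    return networks, bool(telnet and telnet.group(1) == "enabled")

def audit(text, mgmt_hosts):
    """Map each management host to the access-list entries that admit it,
    and collect hardening warnings. mgmt_hosts is a hypothetical input list."""
    networks, telnet_enabled = parse_network_settings(text)
    admitted = {h: [str(n) for n in networks if ipaddress.ip_address(h) in n]
                for h in mgmt_hosts}
    warnings = []
    if telnet_enabled:
        warnings.append("telnet-option is enabled (default: disabled)")
    if not networks:
        warnings.append("access list is empty")
    warnings += [f"{h} has no access-list entry" for h, hits in admitted.items() if not hits]
    return admitted, warnings

if __name__ == "__main__":
    # Constructed host list: the /32 from Step 3, one host in the /24, one outside.
    admitted, warnings = audit(SHOW_SETTINGS, ["10.89.146.110", "10.1.9.50", "192.168.1.5"])
    for host, hits in admitted.items():
        print(host, "->", hits or "NOT PERMITTED")
    print(*warnings, sep="\n")
```

Because the same access list covers Telnet, SSH and browser access, a host that can already telnet to the sensor will show up here as admitted.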

EESky (Author) Commented:
I have not found a significant difference between what I read and what you read yet. The question is whether I need to configure an http server in the IDS like on PIX/ASA/router. It looks like there is no such item to configure an http server in the IDS like on PIX/ASA.

EESky (Author) Commented:
It looks like there are two ways to use the web to log in to the IDS. One is, after configuring IDM, to use a web browser to log in. This is what I am doing. The other one is to use IDM. I used it a long time ago, but I was never successful.

EESky (Author) Commented:
Hi Patricksr1972
Finally I got it! The problem is that I do not know why/how I could log in to the IDS. When I was trying it again, I passed four or five steps and then got it. I just recorded the first one and two pictures. Here are the two:

Patrick Bogers (Datacenter platform engineer Lindows) Commented:
Lol, you connected through https and got the certificate warning like you are supposed to.
Nice to hear you got in.
Question has a verified solution.
