Setup Cisco IPS on EVE
I failed to setup Cisco IPS on EVE(ver 2.0.3-53).
What I did: Download Cisco IPS ova file via: http://certcollection.org/forum/topic/270568-ips-4240-ver-7-unholy-darkness/page__hl__%20cisco%20%20ips (https://mega.nz/#!W99UnTIa!-3k6bQwiD_DhNCDFfL6TWlU69KoRwIYeaJE9JlDOASY)
Did everything been listed in following instructions for IPS Interfaces http://certcollection.org/forum/topic/266792-emulating-ips-on-unl/ http://www.cznetlab.cz/index.php?cat=cciesec&subcat=unlips
My problem is:
Cisco IPS failed to ping anything out of it, I run traffic capture on IPS’s interface, no packet out when I execute ping command.
Question on EVE official forum: http://www.unetlab.com/forum/viewtopic.php?f=5&t=55&sid=25184c5b3a889925218c20bffb2f180f
The official answer is: This image is currupted and not working nor UNL nor EVE
So, I deploy it on VMware vShpere
Setup VM networks on vShpere
Setup IPS’s networks
Setup EVE’s networks
Setup EVE Lab
Initial Cisco IPS
I initilized the device from Cisco IPS console interface.
Default username/password is : cisco/ciscoips123
then enter command ‘setup‘ to initial the device.
The most import thing is to disable HTTPS. Cisco IPS enabled https by default which is not supported by most browsers(Chrome/Firefox/IE) now. Execute following commands:
Then access the device by http, it will prompt you to lunch IDSM (* Java required)
Before Cisco IPS Interface Pair
Add Interface Pair
After Cisco IPS Interface Pair
Lab1- Recognize ICMP as Attack
Execute ping command on R1
Cisco IPS Event