Dears,
I have anomaly detector module and anomaly guard module installed on my 7606 Cisco router,
but My detector guard always fail to run ssh command to guard to create dynamic filter
anyone can help me to check wheteher any miss cofiguration on the detector/guard module?
please advice...
below are configuration on the detector module:
####################
interface eth1
ip address 10.10.10.10 255.255.255.248
mtu 1500
no shutdown
exit
interface giga2
mtu 1500
no shutdown
exitre--
default-gateway 10.10.10.9
service wbm
permit wbm 10.10.10.0 255.255.255.248
permit ssh 10.10.10.8 255.255.255.248
remote-guard 10.10.10.11
##########################
below are Anomaly guard modul configuration
##########################
interface eth1
ip address 10.10.10.11 255.255.255.248
mtu 1500
no shutdown
exit
interface giga2
mtu 1500
no shutdown
exitre--
default-gateway 10.10.10.9
service wbm
permit wbm 10.10.10.0 255.255.255.248
permit ssh 10.10.10.8 255.255.255.248
self-protection
##########################
below are warning log on the WBM interface when I create zone
##########################
Feb 9 11:46:27 Warning warning
Failed to run ssh command to Guard 10.10.10.11
Bad file descriptor(=9)
Feb 9 11:46:27 Warning Add-Dynamic-Filter-Failed
filter-id=51003, filter-type=remote-activate, policy=tcp_outgoing/any/analysis/reqs/dst_ip, filter-src-ip=*, filter-src-ip-subnet=*, filter-protocol=6, filter-src-port=* , filter-dest-port=* , filter-fragment=no, filter-dest-ip=x.x.x.x, attack-src-ip=*, attack-src-ip-subnet=*, attack-protocol=6, attack-src-port=* , attack-dest-port=* , attack-fragment=no, attack-dest-ip=x.x.x.x, policy-threshold=60.0, approximate-triggering-rate=138.29
####################
Thanks
Best Reragds
Vincent
I have anomaly detector module and anomaly guard module installed on my 7606 Cisco router,
but My detector guard always fail to run ssh command to guard to create dynamic filter
anyone can help me to check wheteher any miss cofiguration on the detector/guard module?
please advice...
below are configuration on the detector module:
####################
interface eth1
ip address 10.10.10.10 255.255.255.248
mtu 1500
no shutdown
exit
interface giga2
mtu 1500
no shutdown
exitre--
default-gateway 10.10.10.9
service wbm
permit wbm 10.10.10.0 255.255.255.248
permit ssh 10.10.10.8 255.255.255.248
remote-guard 10.10.10.11
##########################
below are Anomaly guard modul configuration
##########################
interface eth1
ip address 10.10.10.11 255.255.255.248
mtu 1500
no shutdown
exit
interface giga2
mtu 1500
no shutdown
exitre--
default-gateway 10.10.10.9
service wbm
permit wbm 10.10.10.0 255.255.255.248
permit ssh 10.10.10.8 255.255.255.248
self-protection
##########################
below are warning log on the WBM interface when I create zone
##########################
Feb 9 11:46:27 Warning warning
Failed to run ssh command to Guard 10.10.10.11
Bad file descriptor(=9)
Feb 9 11:46:27 Warning Add-Dynamic-Filter-Failed
filter-id=51003, filter-type=remote-activate, policy=tcp_outgoing/any/analysis/reqs/dst_ip, filter-src-ip=*, filter-src-ip-subnet=*, filter-protocol=6, filter-src-port=* , filter-dest-port=* , filter-fragment=no, filter-dest-ip=x.x.x.x, attack-src-ip=*, attack-src-ip-subnet=*, attack-protocol=6, attack-src-port=* , attack-dest-port=* , attack-fragment=no, attack-dest-ip=x.x.x.x, policy-threshold=60.0, approximate-triggering-rate=138.29
####################
Thanks
Best Reragds
Vincent