Setup Cisco IPS on EVE
I failed to setup Cisco IPS on EVE(ver 2.0.3-53). I Downloaded Cisco IPS ova file via certcollection (mega)
Followed the [instructions](http://certcollection.org/forum/topic/266792-emulating-ips-on-unl/ http://www.cznetlab.cz/index.php?cat=cciesec&subcat=unlips) for IPS Interfaces.
and met the issue:
Cisco IPS failed to ping anything out of it, I run traffic capture on IPS’s interface, no packet out when I execute the ping command.
Related post on EVE official forum, and the official answer is: This image is corrupted and not working neither on UNL nor EVE
So, I deploy it on VMware vShpere
![vmware-1]()
vmware-1 Setup VM networks as well
![vmware-2]()
vmware-2 Change VM-IPS’s networks
![vmware-Network-1]()
vmware-Network-1 Change VM-EVE’s networks
![vmware-Network-2]()
vmware-Network-2 Start the VMS and setup a Lab in EVE
![Topo]()
Topo Initialize Cisco IPS
I initialized the device from Cisco IPS console interface.
![Console]()
Console The default username/password is cisco/ciscoips123
then enter the command ‘setup‘ to initial the device.
The most import thing is to disable HTTPS. Cisco IPS enabled https by default and its cert was not supported by most browsers(Chrome/Firefox/IE) now. Execute the following commands:
service web-server enable-tls false port 80 exitThen access IPS by HTTP, it will prompt you to lunch IDSM(* Java required)
![IPs DM]()
IPs DM ![IPs DM Main UI]()
IPs DM Main UI Configure Interface Pairs
Before Cisco IPS Interface Pair
![Ping-1]()
Ping-1 Configure Interface Pair
![Interface Pair]()
Interface Pair After Cisco IPS Interface Pair
![Ping-2]()
Ping-2 Bind vs
![VS-1]()
VS-1 Exercise 1 - Recognize ICMP as Attack
![Sig-1]()
Sig-1 ![Sig-2]()
Sig-2 ![Sig-3]()
Sig-3 ![Sig-4]()
Sig-4 Verification: Execute ping command on R1
![ping-3]()
ping-3 Cisco IPS Event
![Event-1]()
Event-1 ![Event-2]()
Event-2
Scan the QR code using WeChat