Setup Cisco IPS on EVE
Followed the [instructions](http://certcollection.org/forum/topic/266792-emulating-ips-on-unl/ http://www.cznetlab.cz/index.php?cat=cciesec&subcat=unlips) for IPS Interfaces.
and met the issue:
Cisco IPS failed to ping anything out of it, I run traffic capture on IPS’s interface, no packet out when I execute ping command.
Related post on EVE official forum, and the official answer is: This image is corrupted and not working neither on UNL nor EVE
So, I deploy it on VMware vShpere
Setup VM networks as well
Change VM-IPS’s networks
Change VM-EVE’s networks
Start the VMS and setup a Lab in EVE
Initialize Cisco IPS
I initialized the device from Cisco IPS console interface.
Default username/password is cisco/ciscoips123
then enter command ‘setup‘ to initial the device.
The most import thing is to disable HTTPS. Cisco IPS enabled https by default and its cert was not supported by most browsers(Chrome/Firefox/IE) now. Execute following commands:
service web-server enable-tls false port 80 exit
Then access IPS by http, it will prompt you to lunch IDSM(* Java required)
Configure Interface Pairs
Before Cisco IPS Interface Pair
Configure Interface Pair
After Cisco IPS Interface Pair
Exercise 1 - Recognize ICMP as Attack
Verification: Execute ping command on R1
Cisco IPS Event
Scan the QR code using WeChat