Highlighted
Absent Member.
Absent Member.
663 views

Anyone faced this issue while installing connector for Cisco IDS/IPS!

Jump to solution

Dear All,

During the installtion of Smartconnector for Cisco IDS/IPS am facing issue, after enter the parameters of the Cisco Sensors its throwing an error like check the prarameter like that!

This error is throwing eventhough imported the Certificate of IDS/IPS successfully to connector! Also used Admin credentials.

Please find the attached screenshots of error for reference.

Details:-

*ArcSight SP2

*Connector installed on Win 2008 server

Regards,

Santhosh I

Labels (2)
Tags (1)
0 Likes
1 Solution

Accepted Solutions
Highlighted
Absent Member.
Absent Member.

Even i faced the same problem after importing cert in right place.

I ddint face any problem after mentioning the parameter to "False". By mentioning value=False, that connector will not look into whether the certification is present or not, it just directly connect to sensor and start collecting the logs. It works for me, but dont know whether it will give any certification problem later, but till now i didnt got any stuff !

regards,

Santhosh I

View solution in original post

0 Likes
10 Replies
Highlighted
Outstanding Contributor.
Outstanding Contributor.

Hmmmm...

And you surely have followed the steps to import the certificate to the connector's CACERTS Keystore?

What if you continue anyway? What's the outpot of the agent.log afterwards?

- Tobias

0 Likes
Highlighted
Absent Member.
Absent Member.

I tried as per config guide of IPS! and imported the key successfully!

agent log shows that unable to connect to sensor!

Even i checked at cisco end, that the packet from connector is refusing/resetting by cisco.

Regards,

Santhosh I

0 Likes
Highlighted
Absent Member.
Absent Member.

Hi,

I'm experiencing exactly the same issue. I can connect to the IPS web UI. Exported the certificate as per connector configuration guide, and imported it into the clientstore.

All steps were done exactly as indicated in the guide, to no avail.

Using connector 5.2.1.6186.

Davorin

0 Likes
Highlighted
Absent Member.
Absent Member.

Hello All,

Issue got solved! able to view the logs from IDS/IPS.

This time , i didnt export the cert of IPS/IDS. While installing connector , i made the parameter "Enable Certificate Validation = false". Then tried to connect. its successfully connected and starts receiving logs from IPS/IDS.

Try this, it works fine!

regards,

Santhosh I

0 Likes
Highlighted
Absent Member.
Absent Member.

Hey, this did the trick!

Strange, could've sworn I've tried changing that value before...

Thanks Santhosh!

Cheers,

Davorin

0 Likes
Highlighted
Super Contributor.
Super Contributor.

Hi Santhosh.

I mean this is not a best way how to configure agent for Cisco IDS/IPS. I face this problem few months ago. Problem was in right directory for downloaded certificate from Cisco IPS (I use openssl for download ssl certificate from IDS/IPS I import it to right keystore but I don't move certificate to specific directory). When certificate file was in the right directory, agent works fine.

Regards,

0 Likes
Highlighted
Contributor.
Contributor.

Hi Santosh,

Just want to know why "Enable Certificate Validation = false" isn't the right way for configuration, will it  issue a problem later on??

When we kept True, we received the error as "unable to connect to sensor" and also the certicate was also imported to the correct location.

0 Likes
Highlighted
Absent Member.
Absent Member.

Even i faced the same problem after importing cert in right place.

I ddint face any problem after mentioning the parameter to "False". By mentioning value=False, that connector will not look into whether the certification is present or not, it just directly connect to sensor and start collecting the logs. It works for me, but dont know whether it will give any certification problem later, but till now i didnt got any stuff !

regards,

Santhosh I

View solution in original post

0 Likes
Highlighted
Contributor.
Contributor.

Thanks for your quick response..

0 Likes
Highlighted
Absent Member.
Absent Member.

Yes , it works

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.