7200emu.hacki.at

[kicay]

I did everything like in README but i have problem with communication with ips. I configure Ethernet 1 (in VM machine) to bridge with real ethernet interface, assigned them addres from the same subnet and ping/telnet/ssh didn't work.

Ifconfig (form service IPS mode) shows that interface ma0_0 is up.

[einval]

Hi kicay,

this can be related to two problems:

1. VMWAre

There is a problem with VMWare in combination with IPS - at least on my system. When the you have started the IPS completely and made all the interface configuration, disconnect/connect all the VMWare network adapters by right-clicking on the network interface symbols in the VMWare status area (at the bottom to the right).

Check teh arp table on both the IPS and the other host to see if ARP works.

2. access-list

IPS will create iptables rules (look at iptables -L -v n) for ptotecting itself, based on the access-list definitions you made in the cli. Can you check if you acl is defined and if the iptables rules are there?

[einval]

Disappointed by the results I've seen yesterday when testing IPSv6 in VMWare I made some additional research. I cannot accept that this dam^H^H^Hnice piece of sh^H^H software is so bullish

I made a test wih qemu by compiling the latest snapshot with e100 network card support, booted the recovery CD, reimaged the sensor and voila, the e100-cids driver loads.

After applying some modifications the software recognizes the VM as a IDS-4215. The only thing that is left are the BIOS modifications, because the software still checks DMI strings reported by the BIOS.

After a short look at the Bochs BIOS sources I gave up - it was late in the evenning and it seems that advanced programming skills are needed. I will see what I can do - but no promises.

[mmm123]

IDS BIOS can be downloaded from cisco software center as BIOS upgrade. Unfortunately it doesn't work without some modifications. For obvious reasons I can't publish modified version, but still if you want to use BIOS just for identification (not for loading image from tftp server in monitor mode), it might help.
I did some test several months ago with pemu. By just replacing mybios_d800 with IDS bios, it startst as IDS, loads recovery image from tftp server. Unfortunately I removed IDE driver prom pemu in way that it is not easy to restore. But still You could try fresh qemu source, by just implementing i82559 net driver instead or ne2000 (there are several post about juniper support, that might help) and IDS BIOS for identification.

[james5299]

hi einval

thanks for such a great post. i tried using ur instructions. it went well . i reached to the point where it ask to login into the sensor. which means i am very close to get it working. i need little help from you. can you please tell me how to configure the BIOS parameters ? i need help on that.
[b][b]modified VMWare BIOS (CISCO_IDS4215_440.BIOS.ROM)
This file should be in the archive from where you extracted this Howto[/b][/b]

please tell me if possible from where to get this file. and how to configure the VM bios file.

regards
james

[einval]

thanks, mmm123.

qemu seems to be the correct way of doing things, because everything the IPS software needs (hdd and e100 support) is already there. The other path - modifying pemu source in a way that it supports hard disk support and the intel nic - seems to be much harder.

I did some tests with the Cisco BIOS loading by qemu, but without success. I tried the complete BIOS file (downloaded .bin) as well with extracted parts (according to the locations inside the .bin file mentioned in the old thread).

Can you say what part of the original .bin file is loadable by qemu and where to hook it in (replacement for bios.bin or option ROM?

I think this will be the easiest and most accurate way of doing things - relying on the vendor distributed BIOS code. I dont want to modify the cisco BIOS. If this will not workl I have to look at Bochs BIOS again, but modifying this is not a simple task for me as compared to modifying the VMWare BIOS

[einval]

[james5299]

hi Einval,

can you please throw some extra light on how to change the DMI string to get the serial number of device.

regards
james

[einval]

Its not that hard. Make yourself familiar with

http://www.vmware.com/community/thread.jspa?threadID=28149

Then modify the BIOS with a hex editor or a BIOS editor. The DMI strings that should contain serial number information will hold a dummy serial numer of 12345678901 - you dont have to use a valid one, product codes will read "IDS-4215" and vendor information will be "Cisco Systems".

Thats all.

[pgtedy]

Hi einval,

Do you know from where is read the serial number and why IPS v5 on vmware does not show a serial?
I ask because i want to use a valid license on IPS vmware to make it fully functional....similar to using a valid license of PIX on pemu.

Thanks.

[einval]

Hi,

according to what I discovered so far, IPS looks at the DMI strings for serial number and perhaps UUID too.

I wasnt able to trick the IPS into accepting the script output from the smbios_bios_info file. mainApp will query the DMI variables too.

The problem with VMWare is that it patches the SMBIOS everytime you start the VM with its own string, making any changes to the UUID string I made in the BIOS useless. The VMWare inserted serial number starts with "VMWare-...". I didnt looked into the details, because I dont need a woking serial number.

To fix this problem you can start looking at the uuid.* options in the VM config file by changing them and then tell VWare to keep them.

Good luck!

[kicay]

Hello
IPS 5.0 works great on VMware. I used IPS-K9-cd-1.1-a-5.1-4.iso and IPS-K9-cd-1.1-a-5.1-5-E1.iso - both work ok.
In my last post I sad that interface didn't work. It was my problem - I didn't read README carfully - I should Disable/Enable vm network interface cards. .

Thanx to enival .

[sebastan_bach]

hi is 5.1 ips image is also supported on this.

[einval]

[mek]

Hello at all.
I'm trying on Windows but it does not pass the model check!
Any ideas?
Thanks.