More than one route can be established to the same Director
by giving each route a preference number that sets the relative priority
of the routes. The router always attempts to use the lowest-numbered route,
switching automatically to the next higher number when a route fails and
switching back when the preferred route begins functioning again.
In this example, two routes are defined for the same dual-homed (residing on
two networks) IDS Director:
Rtr1(config)#ip audit po remote hostid 777 orgid 25 rmtaddress 192.168.1.3 localaddress 192.168.1.1 preference 1
Rtr1(config)#ip audit po remote hostid 777 orgid 25 rmtaddress 192.168.6.3 localaddress 192.168.6.1 preference 2
The router will use the first entry to establish communication
with the Director, host ID 777, organization ID 25. The router will switch
to the secondary route if the preferred route fails. When the preferred route
returns to service, the router switches back and closes the secondary route.
In the next example, the Director is assigned a heartbeat timeout longer
than the default of five seconds because of predictable network congestion.
The same entry also designates the Director as a logger application:
Rtr1(config)#ip audit po remote hostid 727 orgid 25 rmtaddress 192.168.4.3 localaddress 192.168.4.1 timeout 10 application logger
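To make the route-selection behaviour described above concrete, the following added example (constructed for this page, not Cisco's code) parses `ip audit po remote` lines of the form shown above into a per-Director route table and models the failover and fail-back rules: the lowest-numbered reachable route wins, and the router returns to it as soon as it is reachable again. The sample configuration lines are constructed, and the assumption that an omitted `preference` defaults to 1 (and an omitted `timeout` to the five-second default named in the text) is the example's own.

```python
"""Model of Post Office route preference and failover for Cisco IOS Firewall IDS.

Constructed example: it mirrors the behaviour the text describes, not the
router's actual implementation.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample configuration, using the syntax shown in the text.
SAMPLE_CONFIG = """
ip audit po remote hostid 777 orgid 25 rmtaddress 192.168.1.3 localaddress 192.168.1.1 preference 1
ip audit po remote hostid 777 orgid 25 rmtaddress 192.168.6.3 localaddress 192.168.6.1 preference 2
ip audit po remote hostid 727 orgid 25 rmtaddress 192.168.4.3 localaddress 192.168.4.1 timeout 10 application logger
"""

# Keywords accepted after 'ip audit po remote'; each takes exactly one value.
_KEYWORDS = ("hostid", "orgid", "rmtaddress", "localaddress", "port",
             "preference", "timeout", "application")


@dataclass
class PoRoute:
    hostid: int
    orgid: int
    rmtaddress: str
    localaddress: str
    preference: int = 1        # assumption: lowest number is tried first
    timeout: int = 5           # heartbeat timeout (seconds); 5 is the stated default
    application: str = "director"  # 'director' or 'logger'


def parse_po_remote(line: str) -> Optional[PoRoute]:
    """Parse one 'ip audit po remote ...' line; return None for any other line."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[:2] != ["ip", "audit"] \
            or tokens[2] not in ("po", "postoffice") or tokens[3] != "remote":
        return None
    kv: Dict[str, str] = {}
    it = iter(tokens[4:])
    for key in it:
        if key not in _KEYWORDS:
            raise ValueError(f"unknown keyword {key!r} in: {line}")
        try:
            kv[key] = next(it)
        except StopIteration:
            raise ValueError(f"keyword {key!r} has no value in: {line}")
    for required in ("hostid", "orgid", "rmtaddress", "localaddress"):
        if required not in kv:
            raise ValueError(f"missing {required!r} in: {line}")
    return PoRoute(
        hostid=int(kv["hostid"]),
        orgid=int(kv["orgid"]),
        rmtaddress=kv["rmtaddress"],
        localaddress=kv["localaddress"],
        preference=int(kv.get("preference", 1)),
        timeout=int(kv.get("timeout", 5)),
        application=kv.get("application", "director"),
    )


def build_route_table(config: str) -> Dict[Tuple[int, int], List[PoRoute]]:
    """Group routes by (hostid, orgid) and order each group by preference."""
    table: Dict[Tuple[int, int], List[PoRoute]] = {}
    for raw in config.splitlines():
        route = parse_po_remote(raw.strip())
        if route is not None:
            table.setdefault((route.hostid, route.orgid), []).append(route)
    for routes in table.values():
        routes.sort(key=lambda r: r.preference)
    return table


def select_route(routes: List[PoRoute], reachable: Set[str]) -> Optional[PoRoute]:
    """Return the lowest-numbered route whose remote address is reachable."""
    for route in routes:            # routes are already sorted by preference
        if route.rmtaddress in reachable:
            return route
    return None                     # Director unreachable on every route


def failover_trace(routes: List[PoRoute], timeline: List[Set[str]]) -> List[Optional[str]]:
    """For each step of a reachability timeline, record the rmtaddress in use.

    Because selection is re-evaluated at every step, the trace shows both the
    switch to the secondary route and the switch back once the preferred route
    returns to service.
    """
    trace = []
    for reachable in timeline:
        chosen = select_route(routes, reachable)
        trace.append(chosen.rmtaddress if chosen else None)
    return trace


if __name__ == "__main__":
    table = build_route_table(SAMPLE_CONFIG)
    primary, secondary = "192.168.1.3", "192.168.6.3"
    steps = [{primary, secondary}, {secondary}, {primary, secondary}, set()]
    print(failover_trace(table[(777, 25)], steps))
```

Each step in the timeline is the set of Director addresses currently answering heartbeats; running the block prints `['192.168.1.3', '192.168.6.3', '192.168.1.3', None]`, which is the preferred route, the failover to preference 2, the switch back, and finally a Director that is down on both networks.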
After you configure the router, you must add the Cisco
IOS Firewall IDS router's Post Office information to the Cisco Secure IDS Sensors
and Directors that communicate with the router. This process is covered in the last
four chapters of the book.
Note: Remember, if the Post Office features are added or changed,
it is necessary to save the configuration and reload the router.