SDEE is inside of tcp/443. You can't send SDEE directly to a syslog server, thats why you have the log option instead of SDEE. If you really want to go back before SDEE we had RDEP. :) At any-rate SDEE is inside of an HTTPS/TLS connection.
Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com On Apr 19, 2010, at 4:29 AM, Kingsley Charles wrote: > Hi > > IPS uses SDEE ( Cisco Security Device Event Exchange ) to send IPS messages > to clients. My understanding is that SDEE is wrapped in HTTP. Hence across > firewalls, port 80/443 alone should be opened for SDEE. For log, port 514 > should be open. > > router2(config)#ip ips notify ? > SDEE Send events to SDEE > log Send events as syslog messages > > Please share your thoughts, if you differ. > > > > With regards > Kings > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
