IPS not functioning

Hello all,

I have a Cisco 871 router, which I installed the SDM on. When I try to configure the IPS, it tells me the module is not there.

So, I loaded the ips.tar file to the router from the SDM cd, and the

128MB.sdf file for the signatures. When I use the SDM now, though, it still tells me that the IPS is not loaded.

I rebooted the router, but nothing. Do I need to load ips.tar in memory for it to work? If so, how? I've looked up every command I could find but no cigar...

Thanks!

Reply to
Kronos

Hi,

I am not familiar with enabling IPS within SDM but could guide you through it via console/telnet/ssh.

Generally via the command line one would create an IPS statement with a name, then configure the SDF file location and then apply that rule to an interface, more than likely inbound on the internet facing interface.

Something like this:

config t
ip ips name IPS_CHECK
ip ips sdf location flash:128MB.sdf
ip ips notify log        (for syslog)
int x
ip ips IPS_CHECK in

This is the minimum to get started.

Bear in mind the 128MB.sdf file is for routers with a minimum of 128MB RAM, which I'm sure you know about.

You might not find any signature matches right away in the logs but something should come up...eventually, that is, if there is not some bug within the IOS. If it still doesn't work, please post a running configuration if you are able to.

Hope this helps,

Rob

Reply to
RobO

Hi Rob,

thanks for your help, but I'm still having a problem. When running "ip ips name IPS_CHECK", I get the error "% Invalid input detected at '^' marker." And the marker is under the "ips" word.

Here's my running config. Of course, I've removed a few values, but it's the whole of it :) I'm messing with my first Cisco here, so I know it's not totally configured yet...

============================================================

Current configuration : 5241 bytes
!
! Last configuration change at 16:50:47 PCTime Fri Sep 2 2005 by admin
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cisco1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 ************************
!
username admin privilege 15 secret 5 ************************
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name test.local
ip name-server 10.0.253.2
ip name-server 64.254.144.134
ip ssh time-out 60
ip ssh authentication-retries 2
vpdn-group 1
 accept-dialin
  protocol pptp
  virtual-template 2
 terminate-from hostname cisco1
!
no ftp-server write-enable
!
!
!
!
!
!
!
interface FastEthernet0
 no ip address
 no cdp enable
!
interface FastEthernet1
 no ip address
 no cdp enable
!
interface FastEthernet2
 no ip address
 no cdp enable
!
interface FastEthernet3
 no ip address
 no cdp enable
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 ip address (EXTERNAL_IP_HERE) 255.255.255.0
 ip access-group 101 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect DEFAULT100 out
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 10.0.253.12 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip classless
ip route 0.0.0.0 0.0.0.0 (GATEWAY_HERE)
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.253.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 10.0.253.0 0.0.0.255
access-list 2 deny any
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip (EXTERNAL_SUBNET_HERE) 0.0.0.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip 10.0.253.0 0.0.0.255 any
access-list 101 permit icmp any host (WAN_IP_HERE) echo-reply
access-list 101 permit icmp any host (WAN_IP_HERE) time-exceeded
access-list 101 permit icmp any host (WAN_IP_HERE) unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 102 remark VTY Access-class list
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 10.0.253.0 0.0.0.255 any
access-list 102 deny ip any any
access-list 102 remark VTY Access-class list
access-list 102 remark SDM_ACL Category=1
snmp-server community public RO
snmp-server community private RW
snmp-server location cisco1
snmp-server contact snipped-for-privacy@test.com
snmp-server host (SNMP_SERVER_HERE) snipped-for-privacy@test.com
no cdp run
!
control-plane
!
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 no modem enable
 transport preferred all
 transport output telnet
line aux 0
 transport preferred all
 transport output telnet
line vty 0 4
 access-class 102 in
 exec-timeout 60 0
 transport preferred all
 transport input telnet ssh
 transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

============================================================

Thanks for the help!

Reply to
Kronos

Just to confirm, did you try the command in global configuration mode? i.e.:

router#
router#config t
router(config)#ip ips name IPS_CHECK

If it still doesn't give you the option then probably the IOS version you have does not support it!

What is your IOS version?

router#show version

Post the output of that.

Rob.

Reply to
RobO

No, even with config t it doesn't work. Which is weird since I was told it supports IPS...

cisco1#show version
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.3(8)YI1, RELEASE SOFTWARE (fc1)
Synched to technology version 12.3(10.3)T2
Technical Support: formatting link
(c) 1986-2005 by Cisco Systems, Inc.
Compiled Fri 22-Apr-05 14:57 by ealyon

ROM: System Bootstrap, Version 12.3(8r)YI, RELEASE SOFTWARE
ROM: Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.3(8)YI1, RELEASE SOFTWARE (fc1)

cisco1 uptime is 4 days, 18 hours, 3 minutes
System returned to ROM by reload
System restarted at 13:44:34 PCTime Thu Sep 1 2005
System image file is "flash:c870-advsecurityk9-mz.123-8.YI1.bin"
Last reload reason: Reload command

This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

formatting link
If you require further assistance please contact us by sending email to snipped-for-privacy@cisco.com.

Cisco 871 (MPC8272) processor (revision 0x100) with 118784K/12288K bytes of memory.
Processor board ID FHK093213P8
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10

5 FastEthernet interfaces
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

Reply to
Kronos
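An added example, not code from the thread or from Cisco: a small Python checker that applies the two things Rob's replies ask for before trusting an IOS IPS setup. It sums the two memory figures from "show version" to confirm the router meets the RAM minimum implied by the SDF name (128MB.sdf needs 128 MB), and it verifies that the minimal configuration (an "ip ips name" rule, an SDF location, and the rule applied inbound on the interface marked "ip nat outside") is actually present. The show version line is the one Kronos posted; the running config is constructed from the thread's outside/inside interfaces with a placeholder WAN address.

```python
import re

# Constructed sample: the memory line exactly as the thread's "show version" printed it.
SHOW_VERSION = (
    "Cisco 871 (MPC8272) processor (revision 0x100) "
    "with 118784K/12288K bytes of memory.\n"
)

# Constructed running config: Rob's minimal IPS lines plus the thread's two
# interfaces (WAN address is a placeholder, not the poster's real one).
RUNNING_CONFIG = """\
ip ips name IPS_CHECK
ip ips sdf location flash:128MB.sdf
ip ips notify log
!
interface FastEthernet4
 ip address 203.0.113.10 255.255.255.0
 ip nat outside
 ip ips IPS_CHECK in
!
interface Vlan1
 ip address 10.0.253.12 255.255.255.0
 ip nat inside
!
"""

def total_memory_mb(show_version: str) -> int:
    """IOS prints processor and I/O memory as 'AK/BK'; total RAM is their sum."""
    m = re.search(r"with (\d+)K/(\d+)K bytes of memory", show_version)
    if not m:
        raise ValueError("memory line not found in show version output")
    return (int(m.group(1)) + int(m.group(2))) // 1024

def sdf_fits(show_version: str, sdf_name: str) -> bool:
    """Rob's rule of thumb: an NNNMB.sdf file needs at least NNN MB of RAM."""
    m = re.match(r"(\d+)MB\.sdf$", sdf_name)
    return bool(m) and total_memory_mb(show_version) >= int(m.group(1))

def ips_gaps(config: str) -> list:
    """Return the parts of the minimal IPS setup that are missing (empty = OK)."""
    gaps = []
    rules = re.findall(r"^ip ips name (\S+)", config, re.M)
    if not rules:
        gaps.append("no 'ip ips name' rule defined")
    if not re.search(r"^ip ips sdf location \S+", config, re.M):
        gaps.append("no 'ip ips sdf location' set")
    # Walk interface stanzas; the internet-facing one carries 'ip nat outside'.
    for stanza in re.split(r"^(?=interface )", config, flags=re.M):
        if not stanza.startswith("interface") or " ip nat outside" not in stanza:
            continue
        applied = re.search(r"^ ip ips (\S+) in$", stanza, re.M)
        if not applied or applied.group(1) not in rules:
            gaps.append(stanza.splitlines()[0] + ": IPS rule not applied inbound")
    return gaps
```

Running ips_gaps over a config in which the outside interface lacks the "ip ips ... in" line reports that interface by name, which is the state the thread's posted config is in.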
