Cisco IOS Intrusion Prevention System (IPS)

How to Use CSM to Configure IOS IPS

Cisco® Security Manager (CSM) is part of the Cisco Security Management Suite, which delivers comprehensive policy administration and enforcement for the Cisco Self‑Defending Network. Cisco Security Manager is an industry-leading enterprise-class application for managing security. Cisco Security Manager addresses configuration management of firewall, VPN, and intrusion prevention system (IPS) security services across Cisco routers, security appliances, and security services modules. For a summary of Cisco Security Manager features and benefits, including new features in Version 3.1, refer to the Cisco Security Manager 3.1 data sheet at http://www.cisco.com/go/csmanager. Customers can download CSM 3.1 from Cisco.com at http://www.cisco.com/cgi-bin/tablebuild.pl/csm-app

This document guides users step by step through using CSM 3.1 to perform the initial configuration of IOS IPS. For routers already configured with IOS IPS, customers can use CSM 3.1 directly for provisioning tasks.

Note: CSM 3.1 supports only IOS 12.4(11)T2 and later IOS images for configuring IOS IPS.

Step 1 Run the CSM 3.1 client from the local PC.

Step 2 Click on the File menu and select New Device to add a device to CSM 3.1.

Step 3 In the New Device screen, choose how you would like to add the device. In our case, we choose to Add Device From Network. Click Next.

Step 4 Enter the Identity details of the device you want to add, such as the hostname and IP address. Click Next.

Step 5 Enter the Primary Credentials (Username, Password, Enable password) for the IOS router you want to add. Click on Finish to add the device to CSM.

Note: Here we assume that the user already has a preconfigured router and can log in to the router using these credentials.

Step 6 You will see the Discovery Status screen, which shows the status of the discovery. If the Status shows “Discovery completed”, you have successfully added the device to CSM. Proceed to the next step.

Step 7 The first thing to do to enable IPS is to assign a public key. Navigate to the FlexConfigs configuration screen on the left menu. Click on the FlexConfigs user interface on the right side of the screen, then press the Add button.

Step 8 Select IOS_IPS_PUBLIC_KEY FlexConfigs from the table and click OK. Click on Save button to save the changes. “IOS_IPS_PUBLIC_KEY” has the config for Public Key.

Step 9 Click on the IPS section and navigate to General Settings. Provide the IPS config location on the flash. This location will be used to place the IPS configs. Click on Save button to save changes.

Note: Make sure the location directory has already been created on router flash. If not, use “mkdir <directory_name>” to create the location directory.

Step 10 To enable IPS, navigate to Interface Rules, check the “Enable IPS” check box, and then press the Add Row button.

Step 11 In the Add/Edit IPS Rule screen, enter a Rule Name for the IPS. Click on the Add Row button to include the interfaces on which IPS has to be applied.

Step 12 Select the Direction in which the IPS rule has to be applied and Click on the Select button to choose the Interfaces.

Step 13 Select the Interface from the Interface Selector and Press OK.

Step 14 Click on the Save button to Save the changes.

Step 15 Click on the Tools menu and Select Apply IPS Update to install the latest IPS signatures.

Step 16 Select the Latest Signature file and Click “Next”.

Step 17 Select the devices on which the IPS update has to be applied and click Next.

Step 18 Click on the Finish button to apply the signatures.

Step 19 Navigate to IPS and Click on Signatures to view the list of all the signatures.

Step 20 Go to File Menu and click on “Submit and Deploy…” to deploy IPS on the IOS router.

Step 21 Select the device on which you want to deploy the changes and click “Deploy”.

Step 22 View the Deploy status to verify if there are any errors.
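Beyond the Deploy status in Step 22, the router's running configuration can be checked for the three things this procedure pushes: the signature public key (Step 8), the IPS config location (Step 9), and the interface rule (Steps 10 to 14). The script below is an added example, not part of the Cisco document; the command forms it matches (`named-key realm-cisco.pub`, `ip ips config location`, `ip ips name`, `ip ips <rule> in|out`) are assumed from the IOS IPS 5.x CLI, and the sample configuration, rule name and interface names are constructed.

```python
import re

# Constructed sample of `show running-config` output; not taken from the page.
# Command forms are assumed from the IOS IPS 5.x CLI; key material is a placeholder.
SAMPLE_CONFIG = """\
crypto key pubkey-chain rsa
 named-key realm-cisco.pub signature
  key-string
   <placeholder key material>
   quit
ip ips config location flash:ips retries 1
ip ips name EXAMPLE_RULE
!
interface GigabitEthernet0/0
 ip ips EXAMPLE_RULE in
!
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
!
"""

def audit_ios_ips(config):
    """Report the IOS IPS pieces found in a running config and what is missing."""
    found = {"public_key": False, "config_location": None,
             "rules": set(), "bindings": [], "problems": []}
    iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            iface = None  # any top-level line closes the current interface block
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif re.match(r"named-key realm-cisco\.pub\b", line):
            found["public_key"] = True
        elif m := re.match(r"ip ips config location (\S+)", line):
            found["config_location"] = m.group(1)
        elif m := re.match(r"ip ips name (\S+)", line):
            found["rules"].add(m.group(1))
        elif iface and (m := re.match(r"ip ips (\S+) (in|out)$", line)):
            found["bindings"].append((iface, m.group(1), m.group(2)))
    if not found["public_key"]:
        found["problems"].append("signature public key realm-cisco.pub not configured")
    if not found["config_location"]:
        found["problems"].append("no IPS config location set")
    if not found["bindings"]:
        found["problems"].append("no interface has an IPS rule applied")
    for ifname, rule, _ in found["bindings"]:
        if rule not in found["rules"]:
            found["problems"].append(f"{ifname} references undefined rule {rule}")
    return found

if __name__ == "__main__":
    print(audit_ios_ips(SAMPLE_CONFIG))
```

An empty `problems` list means all three pieces are present; it does not confirm that signatures were compiled, which still has to be checked on the router.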

Reference

Cisco IOS IPS on Cisco.com: http://www.cisco.com/go/iosips

Getting Started with Cisco IOS IPS with 5.x Signature Format: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/prod_white_paper0900aecd805c4ea8.shtml

Cisco IOS IPS Configuration Guide: http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a0080747eb0.html