Guest

Cisco IOS Intrusion Prevention System (IPS)

Security Manager in Cisco IOS Intrusion Prevention System Configuration Example

Cisco - Security Manager in Cisco IOS Intrusion Prevention System Configuration Example

Document ID: 105626

Updated: May 17, 2008

   Print

Introduction

Cisco Security Manager is part of the Cisco Security Management Suite, which delivers comprehensive policy administration and enforcement for the Cisco Self-Defending Network. Cisco Security Manager is an industry-leading enterprise-class application for managing security. Cisco Security Manager addresses configuration management of firewall, VPN, and Intrusion Prevention System (IPS) security services across Cisco routers, security appliances, and security services modules.

For a summary of Cisco Security Manager Features and benefits, as well as new features in version 3.1, refer to the Cisco Security Manager 3.1 data sheet at http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5739/ps6498/product_data_sheet0900aecd8062bf6e.html. You can download Cisco Security Manager 3.1 from Cisco.com at http://www.cisco.com/cgi-bin/tablebuild.pl/csm-app (registered customers only) .

This document describes how to use Cisco Security Manager 3.1 in order to perform initial configuration of IOS IPS. For routers already configured with IOS IPS, customers can directly use Cisco Security Manager 3.1 for provisioning tasks.

Note: Cisco Security Manager 3.1 supports only IOS 12.4(11)T2 and later IOS images in order to configure IOS IPS.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco Security Manager 3.1

  • Cisco IOS 12.4(11)T2

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Configure

Complete these steps in order to configure IOS IPS:

  1. Run the Cisco Security Manager 3.1 client from your local PC.

  2. Choose New Device from the File menu in order to add a device onto the Cisco Security Manager 3.1.

    csm_ios_ips_config_01.gif

  3. In the New Device window, choose how you would like to add the device. This example adds the device from the network.

    csm_ios_ips_config_02.gif

  4. Click Next.

  5. Enter the Identity details for the device that you want to add. For example, host name and IP address.

    csm_ios_ips_config_03.gif

  6. Click Next.

  7. Enter the primary credentials, such as user name, password, Enable password for the IOS Router which you want to add.

  8. Click Finish in order to add the device onto Cisco Security Manager.

    Note: This example assume that the user already has a preconfigured router and can log in to the router with the proper credentials.

    csm_ios_ips_config_04.gif

    When "Discovery completed" appears in the Discovery Status window, you have successfully added a device onto the Cisco Security Manager. Once you have successfully added a device onto the Cisco Security Manager, you must assign a public key in order to enable IPS.

    csm_ios_ips_config_05.gif

  9. From the menu on the left, navigate to the FlexConfigs configuration screen.

  10. Click the FlexConfigs user interface on the right side of the screen, and then click the Add icon.

    csm_ios_ips_config_06.gif

  11. In the Selected FlexConfigs list, choose IOS_IPS_PUBLIC_KEY, and click OK.

    csm_ios_ips_config_07.gif

  12. Click Save in order to save the changes.

    Note: The IOS_IPS_PUBLIC_KEY FlexConfig holds the configuration for the public key.

  13. From the menu on the left, choose General Settings located beneath the IPS heading.

  14. Enter the IPS configuration location on the flash. This is the location in which the IPS configurations are placed.

  15. Click Save in order to save the changes.

    csm_ios_ips_config_08.gif

    Note: Make sure the location directory has already been created on router flash. If not, use the mkdir <directory_name> command in order to create the location directory.

  16. In order to enable IPS, navigate to Interface Rules, check the Enable IPS check box, and then click Add Row.

  17. In the Add IPS Rule dialog box, enter a name for the IPS rule in the Rule Name field, and then click Add Row in order to include the interfaces on which IPS must be applied.

    csm_ios_ips_config_09.gif

  18. Click the radio button that indicates in which direction the IPS rule must be applied, and then click Select in order to choose the appropriate interfaces.

    csm_ios_ips_config_10.gif

  19. Choose an interface from the Interface Selector list, and click OK.

    csm_ios_ips_config_11.gif

  20. Click Save in order to save the changes.

    csm_ios_ips_config_12.gif

  21. Choose Tools > Apply IPS Update in order to install the latest IPS signatures.

    csm_ios_ips_config_13.gif

  22. Choose the latest signature file, and click Next.

    csm_ios_ips_config_14.gif

  23. Choose the devices on which the IPS update must be applied, and click Next.

    csm_ios_ips_config_15.gif

  24. Click Finish in order to apply the signatures.

    csm_ios_ips_config_16.gif

  25. Navigate to IPS, and choose Signatures in order to view the list of all the signatures.

    csm_ios_ips_config_17.gif

  26. Choose File > Submit and Deploy in order to deploy IPS on the IOS router.

    csm_ios_ips_config_18.gif

  27. Choose the device on which you want to deploy the changes, and click Deploy.

    csm_ios_ips_config_19.gif

  28. View the deploy status in order to verify if there are any errors.

    csm_ios_ips_config_20.gif

Related Information

Updated: May 17, 2008
Document ID: 105626