Configure IOS IPS on Your Router using SDM
Introduction
Cisco IOS Intrusion Prevention System (IPS) is a software-based, inline,
deep-packet-inspection feature that enables Cisco IOS Software to mitigate a
wide range of network attacks. This document explains how to configure Cisco
IOS IPS on your router with SDM and applies to the 2600XM, 1800, 2800 and 3800
series routers.
Requirements
To perform the steps described in this document, you need to have these
items:
Configure Cisco IOS IPS on a Router
Cisco IOS IPS enables your network to defend itself: it identifies and
classifies malicious or damaging traffic and stops or blocks it in real time.
Configure Cisco IOS IPS
Follow these steps to configure Cisco IOS IPS:
-
Open a web browser and type http://router-IP-address in the Address field.
Use the IP address that you entered in field L6A of the LAN Addressing
Worksheet. Press Enter to launch SDM. For more information on how to launch
SDM, refer to Configure your Router with Security Device Manager.
Note: This document uses examples from SDM version 2.3. Other versions
of SDM can display different output.
-
Click Configure.
-
Click Intrusion Prevention.
-
Click Launch IPS Rule Wizard.
-
On the Information window, click
OK to enable SDEE notification.
-
On the Welcome to the IPS Policies Wizard screen, click
Next.
-
On the Select Interfaces screen, next to each interface name, check the
checkbox for the inbound direction, the outbound direction, or both, for the
interfaces on which you want to enable IPS. Click Next.
Note: Cisco recommends that you enable both the inbound and outbound
directions when you enable IPS on an interface.
-
On the SDF Locations screen, click Add to load the
signature definition file.
-
In the Add a Signature Location window, use one of these options:
-
If you select the Specify SDF on flash option:
-
Select 256MB.sdf from the File Name on flash list.
-
Check the autosave checkbox.
-
Click OK.
Note: Choose the SDF that matches the memory installed in the router:
128MB.sdf for routers with 128 MB of DRAM, or 256MB.sdf for routers with
256 MB of DRAM. An SDF that is too large for the router's memory cannot be
compiled.
-
If you select the Specify SDF on URL option, specify the signature file
location. The router itself downloads the SDF from this URL, so the server
must be reachable from the router, not only from your PC:
-
Select the protocol, such as tftp or http, from the Protocol list.
-
Enter the IP Address and SDF file name.
-
Check the autosave checkbox.
-
Click OK.
-
Ensure that the check box Use Built-in Signatures (as
backup) is selected and click
Next.
-
On the Summary screen, click
Finish.
-
On the Commands Delivery Status window, click
OK.
-
Click Save.
Delete Signatures
A router has finite memory and CPU, and it might not be able to load or
compile every signature in the SDF. Follow these steps to delete the
signatures that are not relevant to the applications that run in your network.
-
Go to Configure > Intrusion
Prevention > Edit IPS >
Signatures.
-
In the left pane, scroll down and select the application. In the signature
list on the right side of the screen, select the signature that you want to
delete. Click the Delete button at the top of the screen to delete the
signature.
Note: You can also Edit, Disable or Enable the signature from the menu
bar of the screen.
-
On the Command Delivery Status window, click
OK.
-
Click Apply Changes.
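SDM delivers the wizard choices above, and the signature deletion, to the router as a short set of IOS IPS commands. The following configuration is an added example written for this page; it is not text from the original document or output captured from SDM. The interface name FastEthernet0/0, the rule name sdm_ips_rule and the signature ID 2004/0 are assumptions chosen for illustration.

```cisco
! Added example: CLI equivalent of the SDM IPS Rule Wizard and signature deletion.
! The interface, rule name and signature ID below are assumptions for illustration.
!
! SDEE notifications are delivered over HTTP, so the HTTP server must be enabled.
! Prefer the secure server with local authentication over the plain one.
ip http secure-server
ip http authentication local
!
! "Add a Signature Location" with SDF on flash. The autosave keyword writes the
! SDF back to flash whenever a signature is deleted or disabled, so the change
! survives a reload.
ip ips sdf location flash:256MB.sdf autosave
!
! "Enable SDEE notification"
ip ips notify SDEE
!
! Optional hardening, not set by the wizard: if the SDF cannot be loaded or
! compiled, drop traffic instead of falling back to the built-in signatures.
! ip ips fail closed
!
! Create the IPS rule and apply it in both directions, as the Note recommends.
ip ips name sdm_ips_rule
!
interface FastEthernet0/0
 ip ips sdm_ips_rule in
 ip ips sdm_ips_rule out
!
! "Delete Signatures": remove a signature the router should not compile.
! Signature 2004 subsignature 0 is only an example ID.
ip ips signature 2004 0 delete
!
! Verify the rule, the interfaces it is applied to, and the loaded signature set.
end
show ip ips configuration
show ip ips interfaces
show ip ips signatures
```

Because the delete is applied to the SDF in memory and, with autosave, written to flash, a deleted signature only comes back when you reload the SDF or import it again; if you might want a signature later, disable it (ip ips signature 2004 0 disable) rather than delete it.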
Append Additional Signatures after Default SDF is Enabled
After Cisco IOS IPS is enabled, you can add new signatures to the signature
set that runs on the router with the Import function. To obtain an additional
signature file, contact the SMB Technical Assistance Center (SMB TAC).
Note: Download the signature file and store it on your PC. The file can be in
either Zip or XML format.
-
Go to Configure > Intrusion
Prevention > Edit IPS.
-
Click the Import button on the toolbar and select From PC.
-
Select the file on your PC from which you want to import the signatures and
click the Open button to load the signatures from the file.
-
On the IPS Import window, ensure that, next to Step 2, the checkbox Do not
import signatures that are defined as Disabled is selected, and click
Merge.
Note: Merge adds the selected signatures to the existing set. The Replace
option replaces the router's entire signature set with the signatures
selected in this dialog.
-
Click Apply Changes.
-
In the Information window, click
OK.
-
Cisco SDM delivers the signatures to the router. The Signature Delivery
Status window shows the progress, after which the Signature Compilation
Status window appears.
-
In the Signature Compilation status window, click
Close.
-
Verify that the total number of signatures has increased. In this example it
increases to 493, which includes all the signatures in the signature file
IOS-S193.zip that you added.
Next Step
You have now configured Cisco IOS IPS on your router with SDM.
If you have an Integrated Services Router with a wireless antenna,
proceed to
Configure
Wireless Security on an Integrated Service Router.
If you want to configure an Internet connection, refer to the
appropriate document for your connection. If you are not sure what connection
type you have, refer to your Internet Worksheet.
Note: If your router is already connected to the Internet, refer to
Set Up
Internet Security on a Cisco Router.
Troubleshoot the Procedure
This section provides information about common problems that you may
encounter. If this information does not solve your problem, contact the
SMB
Technical Assistance Center (SMB TAC) for assistance.
Problem: When you click the Intrusion Prevention icon, you get a message
that Intrusion Prevention is not supported.
Cause(s) and Suggested Solution(s): Check whether the Cisco IOS Software
image installed on your router supports the IPS feature. Your router must run
Cisco IOS Software Release 12.3(8)T or later. For further assistance, contact
the SMB Technical Assistance Center (SMB TAC).

Problem: You are unable to import the new signature file to flash memory.
Cause(s) and Suggested Solution(s): Follow these steps:
-
Check whether the signature file is in either Zip or XML format.
-
Check whether the router has sufficient memory to load all the signatures.
For further assistance, contact the SMB Technical Assistance Center (SMB
TAC).
Related Information