Filter
Top Products
44-4
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 44 Configuring IOS IPS Routers
Overview of Cisco IOS IPS Configuration
Cisco IOS IPS is a more limited feature meant for branch offices and small to medium sized networks,
or to distribute IPS throughout a network. You typically cannot employ as many signatures in a Cisco
IOS IPS router compared to a dedicated appliance. You also cannot configure advanced features such as
global correlation, because Cisco IOS IPS is based on IPS Software version 5.1. When configuring Cisco
IOS IPS devices, you are mostly configuring standard router policies, because the device is a router that
is running a few IPS features. In comparison, the platform policies for IPS appliances and service
modules are specific to IPS software.
Tip Before configuring Cisco IOS IPS, read Cisco IOS Intrusion Prevention System Deployment Guide on
Cisco.com.
Step 1 Install and connect the device to your network. Install the device software and perform basic device
configuration. Install the licenses required for all of the services running on the device. The amount of
initial configuration that you perform influences what you will need to configure in Security Manager.
For information about required basic settings, see:
• Setting Up SSL on Cisco IOS Routers, page 2-4
• Setting Up SSH, page 2-5
• Configuring Licenses on Cisco IOS Devices, page 2-12
• Initial Preparation of a Cisco IOS IPS Router, page 44-5
• Selecting a Signature Category for Cisco IOS IPS, page 44-6
Step 2 Add the device to the Security Manager device inventory (see Adding Devices to the Device Inventory,
page 3-6). When you add the device be sure to make the following selections:
• When adding from Network or Export File, ensure that you select IPS Policies for policy discovery.
• When adding from Configuration File or by Manual Definition, ensure that you select IPS from the
Options list, or the device will not be IPS-capable from Security Manager’s point of view.
Step 3 Configure the IPS general settings to specify the location of the IPS files on the router. For more
information, see Configuring General Settings for Cisco IOS IPS, page 44-7.
Step 4 Configure the IPS interface rules to enable IPS and to identify the interfaces on which traffic will be
subject to IPS inspection. For more information, see Configuring IOS IPS Interface Rules, page 44-8.
Step 5 Configure IPS signatures and event actions. Event action policies are easier to configure than creating
custom signatures, so try to use event action filters and overrides to modify signature behavior before
trying to edit specific signatures. For more information, see the following topics:
• Chapter 39, “Configuring Event Action Rules”
• Configuring Signatures, page 38-4
Step 6 Maintain the device:
• Update and redeploy configurations as necessary.
• Apply updated signature and engine packages. For information about checking for updates, applying
them, and setting up regular automated updates, see Managing IPS Updates, page 43-4.