IOS IPS - can we still tie a signature to an ACL?

Unanswered Question
Aug 7th, 2007

Does anyone know how to tie a signature to an ACL that references a particular IP address or subnet? We used to be able to do it like this:

ip access-list standard 50
 deny x.x.41.21
 deny x.x.72.93
 permit any

ip access-list standard 51
 deny x.x.98.72
 permit any

ip ips signature 2000 list 50
ip ips signature 2004 list 51

This does not work with the latest IOS on an 871. Any ideas on how it is implemented now?

vmoopeung Mon, 08/13/2007 - 13:01

To configure a sensor to detect ACL violation signatures, you must first configure one or more Cisco IOS routers to log ACL violations. Then, you must configure those routers to communicate with the sensor. Finally, you must configure the sensor to accept syslog traffic from those routers. You can configure the following properties for each ACL signature:

Gerard Roy Tue, 08/14/2007 - 15:58

I am sorry to say but this has nothing to do with the way it is configured. This is an IOS router with built-in signatures. It does not have an IPS module and it is not a sensor.

Any other ideas?

