Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
467
Views
3
Helpful
2
Replies

Problem with v5.x signatures

seducer666
Level 1
Level 1

‎09-13-2007 10:12 PM - edited ‎03-10-2019 03:47 AM

Hi

I try to enable IOS IPS on my 7204-G2 router but have few problems.I use IOS c7200p-adventerprisek9-mz.124-15.T1 and signatures IOS-S297-CLI.I use this doc http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a0080747eb0.html .

At first time when I try to "copy tftp://x.x.x.x/IOS-S297-CLI.pkg idconf" the compilation process is susses but I have this messages: %IPS-4-SIGNATURE_COMPILE_FAILURE , %IPS-4-META_ENGINE_UNSUPPORTED , %IPS-4-SDF_PARSE_FAILED: file disk2:myips/7204-sigdef-default.xml.

After this I have few .xml files in my folder disk2:/myips/,but when I try to active ips on interface all the traffic stops.

At the second try after "copy tftp://x.x.x.x/IOS-S297-CLI.pkg idconf" traffic stops and then router go to reboot.In folder disk2:/myips/ at this time I have more files,but after "ip ips myips in" traffic stops again.

What the problem with signatures compilation? Maybe this is a bug in IOS or something.

Labels:
0 Helpful
2 Replies 2

amritpatek
Level 6
Level 6

‎09-19-2007 01:34 PM

You are getting these errors because you are trying to compile all signatures at a single go, which is not recommended. The v5

style signatures are common to the IOS IPS and the IDS/IPS sensor appliances but IOS IPS does not support all of the signature engines (hence the META_ENGINE_UNSUPPORTED errors) and most IOS platforms will not have sufficient CPU and memory resources to compile *all* the supported ones. In other words, the behavior you experienced is normal, the solution is to start with retiring all signature categories and then gradually enable those you need. Following link may help you

http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a0080747eb0.html#wp1064428

seducer666
Level 1
Level 1
In response to amritpatek

‎09-25-2007 09:43 PM

Thanks

I read the manual twice and fined solution to correct using 5.x signatures.

Ok,IPS work ,but I have few questions.

With working IPS my G2 have 70% cpu usage,and I must turn on IPS only for few networks,when I use 4.x IPS I use access-list "ip ips name myips list 141" ,it looks like:

"10 permit ip 192.168.3.0 255.255.255.0 any

20 permit ip any 192.168.3.0 255.255.255.0"

Everething work fine,IPS working only for network 3.

Now with 5.x IPS I try use the same access-list but when I turn IPS on the interface all the traffic stops. Without access-list all working fine.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card