ASK THE EXPERT - IPS AIM ON THE CISCO ISR

Dec 7th, 2007

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to learn about the Intrusion Prevention System Advanced Integration Module (IPS AIM) on the Cisco Integrated Services Router (ISR) with Cisco experts Tom Fulton and Tina Lam. Tom is a technical marketing engineer for Security in the Access Routing Technology Group.

He brings field experience as a former Cisco systems engineer in the Silicon Valley and a seasoned background in Linux and Application layer security. Tom has 10 years of experience in the information security industry. He has helped design security solutions for Fortune 500 companies. As a product manager for the Cisco Integrated Services Router, Tina is primarily responsible for integrated security for small and medium-sized businesses as well as commercial and enterprise branch offices. She has worked at Cisco since 1998 and has been a hardware engineer for the Cisco 10000 Series Router and a technical marketing engineer for the Cisco 3600, 3700, and 3800 series of routers. She has a Bachelor of Arts degree in physics and mathematics from the University of Chicago and a Master of Science degree in electrical engineering from Stanford University.

Remember to use the rating system to let Tom and Tina know if you have received an adequate response.

Tom and Tina might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through December 21, 2007. Visit this forum often to view responses to your questions and the questions of other community members.

ccbootcamp Fri, 12/07/2007 - 23:58

hi! what are the limitations/differences between the AIM-IPS module and an IPS 4200 series sensor?

-brad

www.ccbootcamp.com

(please rate the post if this helps!)

tinalam Mon, 12/10/2007 - 09:36

1) IPS AIM targets integrated IPS for enterprise branch offices and SMB while IPS 4200 targets enterprise campus and data centers.

2) IPS AIM runs up to 45 Mbps on Cisco 3800 while IPS 4200 can scale up to 2 Gbps.

3) IPS AIM plugs into Cisco 1841, 2800 and 3800 and can monitor any layer 3 interfaces on the router.

4) IPS AIM does not support virtual sensors.

ccbootcamp Sat, 12/08/2007 - 21:58

So... I'm using my lovely Cisco 2811 ISR router, and the thing can't handle the following IPS sigs:

ip ips signature-category
 category all
  retired true
  event-action reset-tcp-connection deny-packet-inline produce-alert
 category attack
  retired false
  enabled true
  event-action reset-tcp-connection deny-packet-inline produce-alert
 category ddos
  retired false
  enabled true
  event-action reset-tcp-connection deny-packet-inline produce-alert
 category dos
  retired false
  enabled true
  event-action reset-tcp-connection deny-packet-inline produce-alert
 category viruses/worms/trojans
  retired false
  enabled true
  event-action reset-tcp-connection deny-packet-inline produce-alert
 category ios_ips advanced
  retired false
  enabled true
  event-action reset-tcp-connection deny-packet-inline produce-alert
 category ios_ips basic
  retired false
  enabled true
  event-action reset-tcp-connection deny-packet-inline produce-alert
 category reconnaissance
  retired false
  enabled true
  event-action reset-tcp-connection deny-packet-inline produce-alert
 category web_server internet_information_server_(iis)
  retired false
  enabled true
  event-action reset-tcp-connection deny-packet-inline produce-alert
 category os
  retired false
  enabled true
  event-action reset-tcp-connection deny-packet-inline produce-alert

I try to load these babies into memory, and the router keeps dying on me. How is the IPS AIM going to affect this? Are we going to need more DRAM on the routers to handle the additional signatures???

-brad

tinalam Mon, 12/10/2007 - 09:41

Your problem has to do with running IOS IPS, the software based IPS, on ISR. IPS AIM is a hardware based IPS for ISR. IPS AIM has dedicated memory on the module to store all IPS signatures and does not require additional memory on the router.
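As an added example (not from this thread, and not a Cisco tool), a small Python audit for a configuration in the shape Brad posted: it parses the signature-category block, lists the categories left un-retired after the "category all / retired true" baseline together with their event actions, and flags every un-retired category beyond ios_ips basic/advanced, the pattern Brad's router could not load under software IOS IPS. The sample configuration is constructed, and treating "beyond basic/advanced" as a memory-pressure indicator is an assumption of the example.

```python
"""Audit an IOS IPS 'ip ips signature-category' block: un-retired categories,
their event actions, and categories beyond ios_ips basic/advanced. Constructed example."""
# Constructed sample in the shape of the posted config (abridged). The
# parser also accepts the flat, unindented form shown in the post.
SAMPLE_CONFIG = """\
ip ips signature-category
 category all
  retired true
  event-action reset-tcp-connection deny-packet-inline produce-alert
 category attack
  retired false
  enabled true
  event-action reset-tcp-connection deny-packet-inline produce-alert
 category ios_ips basic
  retired false
  enabled true
  event-action produce-alert
!
"""

def parse_signature_categories(text):
    """Return {category: {retired, enabled, event_action}} in config order; on the
    router a later category statement wins for signatures in several categories."""
    cats, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "ip ips signature-category":
            in_block = True
            continue
        if not in_block or not line:
            continue
        key, _, value = line.partition(" ")
        if key == "category":
            current = value
            cats[current] = {"retired": None, "enabled": None, "event_action": []}
        elif key in ("retired", "enabled") and current:
            cats[current][key] = value == "true"
        elif key == "event-action" and current:
            cats[current]["event_action"] = value.split()
        else:
            break  # "!" or any other command ends the block
    return cats

def active_categories(cats):
    """Categories explicitly un-retired after the 'category all / retired true' baseline."""
    return [c for c, v in cats.items() if c != "all" and v["retired"] is False]

def broad_categories(cats):
    """Un-retired categories beyond ios_ips basic/advanced (heuristic assumption: more DRAM)."""
    return [c for c in active_categories(cats) if not c.startswith("ios_ips ")]
```

Run against the full configuration from the post, the broad list contains eight categories, which is why the signature set no longer fits in the 2811's memory under software IOS IPS.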

isgphyd12 Mon, 12/10/2007 - 01:25

Hi,

I have one 6509 with FWSM and IDSM-2. Please suggest the best way to use the IDSM-2: promiscuous mode with SPAN/VACL, or inline with a virtual interface? I configured the FWSM as multiple FW contexts, so what device can I use as a blocker?

Thanks

tinalam Mon, 12/10/2007 - 09:37

This forum is for IPS AIM on ISR only and does not cover IDSM2 on 6500. Please contact Cisco TAC or your local Cisco representative.

Roshan8484 Mon, 12/10/2007 - 18:16

Hello,

I would like to set up a VPN connection from one of my small satellite offices to the main office. How would I go about doing this? Do I need a VPN server and VPN client? Can I use the Cisco 1800 Series Router as a VPN server? Is there a cheaper solution to getting a VPN server?

tinalam Tue, 12/11/2007 - 09:53

This forum is for the intrusion prevention solution on ISR.

The quick answer to your question is that any IOS based router can act as both VPN server and VPN client. The difference is in the number of VPN tunnels that it can support.

cco-wallace Wed, 12/12/2007 - 23:00

When is IPS AIM going to be on CCIE Security lab? Will it run the same IOS as the sensors used on the lab exam?

tinalam Mon, 12/17/2007 - 15:41

I can't answer on the CCIE security lab. It's up to the CCIE committee.
