Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
656
Views
5
Helpful
6
Replies

1841 router ips problems

Go to solution
ddolbel
Level 1
Level 1

‎02-06-2008 08:16 PM - edited ‎03-03-2019 08:36 PM

Hi, I currently have a cisco 1841 router and i'm trying to upgrade it to ips v5 sigs

however it seem that it won't let me, all it will accept is the .sdf files,

i'm running ios c1841-adventerprisek9-mz.124-18.bin

however it doesn't seem to support the v5, can anyone let me a hand or point me in the right direction where i'm going wrong? Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Collin Clark
VIP Alumni
VIP Alumni
In response to Collin Clark

‎02-07-2008 02:28 PM

I don't have enough memory, an upgrade kit has already been ordered, but I don't know when it will get here. I'll try an remember to test and post.

Try IOS version 12.4(15)T3

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎02-07-2008 06:52 AM

I made a cut sheet for when I had to deploy a bunch. Follow these steps and it should work. I'm assuming you have the correct DRAM/Flash and IOS.

=============================================

configure terminal

logging console debug

crypto key pubkey-chain rsa

named-key realm-cisco.pub signature

key-string

30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101

00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16

17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128

B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E

5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35

FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85

50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36

006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE

2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3

F3020301 0001

quit

exit

exit

end

mkdir flash:/ips5

configure terminal

ip ips config location flash:/ips5

ip ips name acme-ios-ips

ip ips notify SDEE

ip ips signature-category

category all

retired true

exit

category ios_ips advanced

retired false

exit

exit

end

copy flash:/IOS-S302-CLI.pkg idconf

configure t

interface fa4

ip ips acme-ios-ips in

interface vlan 1

ip ips acme-ios-ips in

ip ips acme-ios-ips out

end

**************************************************************************************

To Update the signature on the router

**************************************************************************************

copy tftp:///IOS-S###-CLI.pkg flash:

copy flash:IOS-S###-CLI.pkg idconf

**************************************************************************************

Helpful Commands

**************************************************************************************

show ip ips configuration

show ip ips signature

show ip ips signature counts

**************************************************************************************

To load new signature packages, reload the router or remove and

re-configure the IPS policy on the interfaces.

**************************************************************************************

int fa4

no ip ips acme-ios-ips in

int vlan 1

no ip ips acme-ios-ips in

no ip ips acme-ios-ips out

int fa4

ip ips acme-ios-ips in

int vlan 1

ip ips acme-ios-ips in

ip ips acme-ios-ips out

**************************************************************************************

Reference

**************************************************************************************

http://www.cisco.com/en/US/products/ps6634/products_white_paper0900aecd805c4ea8.shtml

HTH

Go to solution
ddolbel
Level 1
Level 1

‎02-07-2008 01:03 PM

hi thanks for your reply,

This all works fine

configure terminal

logging console debug

crypto key pubkey-chain rsa

named-key realm-cisco.pub signature

key-string

30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101

00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16

17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128

B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E

5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35

FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85

50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36

006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE

2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3

F3020301 0001

quit

exit

exit

end

mkdir flash:/ips5

configure terminal

until

this line ip ips config location flash:/ips5

when i do a ip ips ? these are the options available to me.

Router(config)#ip ips ?

deny-action Specify Deny action

fail Specify what to do during any failures

name Specify an IPS rule

notify Specify the notification mechanisms (SDEE, nr-director or log)

for the alarms

sdf Specify the location of the signature definition file

signature Add a policy to a signature

its like it still stuck in version 4 and

this ip ips signature-category

is just not a option

Router(config)#ip ips signature ?

<1-65535> Signature to be configured

This is my first 1841 that I have had to configure I have ips working fine on the 870 range.

I appreaciate any help you can provide.

Thanks again

0 Helpful

Go to solution
Collin Clark
VIP Alumni
VIP Alumni
In response to ddolbel

‎02-07-2008 01:06 PM

I have an 1841 in the lab, let me see if I can get it working....

0 Helpful

Go to solution
Collin Clark
VIP Alumni
VIP Alumni
In response to Collin Clark

‎02-07-2008 02:28 PM

I don't have enough memory, an upgrade kit has already been ordered, but I don't know when it will get here. I'll try an remember to test and post.

Try IOS version 12.4(15)T3

0 Helpful

Go to solution
ddolbel
Level 1
Level 1
In response to Collin Clark

‎02-07-2008 03:34 PM

ok will do, what feature set are you running?

thanks again for all your help.

0 Helpful

Go to solution
ddolbel
Level 1
Level 1
In response to ddolbel

‎02-07-2008 04:47 PM

ok, you were right on the money thanks, i'm now running c1841-adventerprisek9-mz.124-15.T3.bin

and ips v5 is up configured and running, thanks so much for all your help

many thanks again

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card