Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

AIM-IPS in 18xx/28xx vs IOS IPS in 29xx series routers

I am contemplating upgrade options for a 1841 equipped with an AIM-IPS card.  The IOS-IPS in the 18xx/28xx routers was limited in the number of active signatures and therefore we went with the AIM-IPS card.  Are there similar limitations with the 29xx series routers, or does the new platform’s added memory/processor speed eliminate the limitations with a purely IOS-IPS based solution?

So far I have been unable to find any documentation directly addressing limitations of IOS-IPS in 29xx routers so I thought I would check and see if anyone here had either found some documentation and/or had firsthand experience with IOS-IPS in the 29xx series.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: AIM-IPS in 18xx/28xx vs IOS IPS in 29xx series routers

Yes, the IOS IPS feature set on all platforms carries the same signature engine limitations.  One variable limitation is the potential number of signatures that can be compiled into memory; this is based on available resources on the specific platform (and the reason for the 'basic' and 'advanced' IOS IPS category sets).  These two categories are provided to allow convenient configuration on low-memory (basic category) and high-memory (advanced category) routers.

The largest difference is that some signature engines available in Cisco's appliance/module-based solutions are not available in the software-based IOS IPS feature set.

Scott

1 REPLY
Cisco Employee

Re: AIM-IPS in 18xx/28xx vs IOS IPS in 29xx series routers

Yes, the IOS IPS feature set on all platforms carries the same signature engine limitations.  One variable limitation is the potential number of signatures that can be compiled into memory; this is based on available resources on the specific platform (and the reason for the 'basic' and 'advanced' IOS IPS category sets).  These two categories are provided to allow convenient configuration on low-memory (basic category) and high-memory (advanced category) routers.

The largest difference is that some signature engines available in Cisco's appliance/module-based solutions are not available in the software-based IOS IPS feature set.

Scott

472
Views
0
Helpful
1
Replies
CreatePlease to create content