when i try "router conf>ip audit" i get a 'not recognized command' which i guess is b/c its not part of the 12.4 features.
i tried the ios navigator and found i might need c1841-advsecurityk9-mz.151-2.T.bin HOWEVER when using the tool i requested BOTH IP SEC & IDS no products were found.
questions: 1. what do i need for an ids with my 1841? ios? software based (like snort?) is it true i must have a network tap or a switch with a span port? 2. is there an ios that has both crypto and IDS?
not IPS rather IDS, unless im missing something and the IPS includes an IDS in it?
i also have an ASA 5510 which i am not using since i lack the know how of how to use it with the 1841, the idea was to leave the routing to the 1841 and let the ASA handle the VPN and whatever else it can do (which is?) but how to make them work together etc i need to learn.
but if the ASA can do IDS it could work, buit i didnt see any product for the ASA that CAN. i saw an IPS module for the ASA however as i mentioned above i need an IDS not IPS.
any help / point of view is appreciated. so far i learned the 1841 doesnt have enough "umph". is the 2800 the next platform with enough umph?
The IPS options available from Cisco can be configured to operate in IDS mode; the difference being whether the device is configured to operate inline of the traffic flow (IPS) or only inspecting a copy of the traffic (IDS). Both the AIM-IPS module for the Cisco 1841 and the AIP-SSMs for the ASA can be configured to operate like an IDS by being configured in promiscuous mode.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...