Cisco Support Community
New Member

IOS IPS - can we still tie a signature to an ACL?

Does anyone know how to tie a signature to an ACL that references a particular IP address or subnet? We used to be able to do it like this:

ip access-list standard 50
 deny x.x.41.21
 deny x.x.72.93
 permit any
!
ip access-list standard 51
 deny x.x.98.72
 permit any
ip ips signature 2000 list 50
ip ips signature 2004 list 51

This does not work with the latest IOS on an 871. Any ideas on how it is implemented now?

2 REPLIES
Bronze

Re: IOS IPS - can we still tie a signature to an ACL?

To configure a sensor to detect ACL violation signatures, you must first configure one or more Cisco IOS routers to log ACL violations. Then, you must configure those routers to communicate with the sensor. Finally, you must configure the sensor to accept syslog traffic from those routers. You can configure the following properties for each ACL signature:

http://www.cisco.com/en/US/products/sw/cscowork/ps3990/products_user_guide_chapter09186a0080104f44.html

New Member

Re: IOS IPS - can we still tie a signature to an ACL?

I am sorry to say but this has nothing to do with the way it is configured. This is an IOS router with built-in signatures. It does not have an IPS module and it is not a sensor.

Any other ideas?
