New Member

IOS IPS - can we still tie a signature to an ACL?

Does anyone know how to tie a signature to an ACL that references a particular IP address or subnet? We used to be able to do it like this:

ip access-list standard 50
 deny x.x.41.21
 deny x.x.72.93
 permit any

ip access-list standard 51
 deny x.x.98.72
 permit any

ip ips signature 2000 list 50
ip ips signature 2004 list 51

This does not work with the latest IOS on an 871. Any ideas on how it is implemented now?


Re: IOS IPS - can we still tie a signature to an ACL?

To configure a sensor to detect ACL violation signatures, you must first configure one or more Cisco IOS routers to log ACL violations. Then, you must configure those routers to communicate with the sensor. Finally, you must configure the sensor to accept syslog traffic from those routers. You can configure the following properties for each ACL signature:

New Member

Re: IOS IPS - can we still tie a signature to an ACL?

I am sorry to say but this has nothing to do with the way it is configured. This is an IOS router with built-in signatures. It does not have an IPS module and it is not a sensor.

Any other ideas?
