Is anyone else having high memory issues when using ver 5? I have installed on a 1801 with 128 M memory. It only has 4 M free now. Is there a way to reduce the active signatures? I have disbaled some but the number of active is still at 338.
You are really beat the router to its memory limit. You used almost all the of security features in this little box - ios fw, appfw, ios ips, vpn, sslvpn, nat, netflow, nbar. Out of those, appfw, ios ips and nbar/nat will require the most memory. I would recommend you either upgrade your router memory or tune the ios ips signatures, to reduce ips memory usage.
Thanks for the confirmation. We have back tracked to IPS 4. But I see that the latest version of the IOS only supports ver 5. So some day we are going to have to make a decision. I have looked at memory upgrades and we can not get any third party RAM and the Cisco RAM is more than the whole router originally cost! $1,800 NZD!!
Sorry I can not comment on the RAM thing. I think you have to go through with your partner or account team for the process.
For the IOS IPS support, starting 12.4(11)T, it only supports IOS IPS in 5.x signature format. For prior releases, it is 4.x signature format. Those two and not compatible, but I do see the latest version is a lot easier to configure/manage compared to previous version.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...