IPS on Cisco881 router

network770 · ‎08-21-2012

We have a number of 881 routers with firewall and ips services as part of the ios.

I am looking for some easy to read docs to help us get started configuring the ips services, identify traffic severities and threat levels and understand how to drop specific traffic based on this as well as signatures.

is it easier to do this with cli or the gui?

can we use the same docs and logistics to the ips module on our asa's?

any help is appreciated.

turnera · ‎08-22-2012

The simplest way to go about this is via the CCP GUI. This will get you "in the ballpark" with some preconfigured firewall settings (low, medium, high). Once you get familiar with how the different levels are configured you can then go into the edit mode and tweak the firewall settings to fit your particular configuration. If you are a CLI junkie then you do need to be mindful of your configurations.

To some degree the ASA info will help you but you would be better off using the CCP users manual to get a better description of how the IOS firewall and the IDS configurations are set up.

There is a known IOS bug that you will need to be familiar with. The following link expains it very well:

http://tools.cisco.com/security/center/viewBulletin.x?bId=478&year=2012

Bottom line is you will probably need to upgrade the IOS in the 881's to be able to run any sensor version after S639.

I can assure you by my own discovery, the 881 will not work if you have an older IOS version and you attempt to install a sensor of S640 or higher. I found that out the hard way as this information was not privy to me at the time I installed S640. It took a bit of doing but I did recover and now have the latest IOS as well as the latest sensor version.