We have a number of 881 routers with firewall and IPS services as part of the IOS.
I am looking for some easy-to-read docs to help us get started configuring the IPS services, identify traffic severities and threat levels, and understand how to drop specific traffic based on this as well as signatures.
Is it easier to do this with the CLI or the GUI?
Can we use the same docs and logistics for the IPS module on our ASAs?
The simplest way to go about this is via the CCP GUI. This will get you "in the ballpark" with some preconfigured firewall settings (low, medium, high). Once you get familiar with how the different levels are configured you can then go into the edit mode and tweak the firewall settings to fit your particular configuration. If you are a CLI junkie then you do need to be mindful of your configurations.
To some degree the ASA info will help you, but you would be better off using the CCP user's manual to get a better description of how the IOS firewall and the IDS configurations are set up.
There is a known IOS bug that you will need to be familiar with. The following link explains it very well:
Bottom line is you will probably need to upgrade the IOS in the 881s to be able to run any sensor version after S639.
I can assure you by my own discovery, the 881 will not work if you have an older IOS version and you attempt to install a sensor of S640 or higher. I found that out the hard way as this information was not privy to me at the time I installed S640. It took a bit of doing but I did recover and now have the latest IOS as well as the latest sensor version.