Cisco Support Community

Problem with v5.x signatures


I am trying to enable IOS IPS on my 7204-G2 router but have a few problems. I use IOS c7200p-adventerprisek9-mz.124-15.T1 and signatures IOS-S297-CLI. I use this doc.

The first time, when I try to "copy tftp://x.x.x.x/IOS-S297-CLI.pkg idconf", the compilation process is a success but I get these messages: %IPS-4-SIGNATURE_COMPILE_FAILURE, %IPS-4-META_ENGINE_UNSUPPORTED, %IPS-4-SDF_PARSE_FAILED: file disk2:myips/7204-sigdef-default.xml.

After this I have a few .xml files in my folder disk2:/myips/, but when I try to activate IPS on the interface all the traffic stops.

On the second try, after "copy tftp://x.x.x.x/IOS-S297-CLI.pkg idconf", traffic stops and then the router reboots. In folder disk2:/myips/ this time I have more files, but after "ip ips myips in" traffic stops again.

What is the problem with signature compilation? Maybe this is a bug in IOS or something.


Re: Problem with v5.x signatures

You are getting these errors because you are trying to compile all signatures in a single go, which is not recommended. The v5 style signatures are common to the IOS IPS and the IDS/IPS sensor appliances, but IOS IPS does not support all of the signature engines (hence the META_ENGINE_UNSUPPORTED errors) and most IOS platforms will not have sufficient CPU and memory resources to compile *all* the supported ones. In other words, the behavior you experienced is normal; the solution is to start with retiring all signature categories and then gradually enable those you need. The following link may help you
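The approach this reply describes, as an added example that is not part of the original thread: retire every signature category first, unretire one small category, and only then load the signature package. The storage location `disk2:myips`, the rule name `myips` and the package name come from the question; the interface name and the choice of `ios_ips basic` as the first category to enable are assumptions.

```cisco
! Added example, not from the original posts.
configure terminal
 ! Where IOS IPS keeps its compiled signature definition files
 ip ips config location disk2:myips
 ip ips name myips
 !
 ! Retire all categories so nothing is compiled by default,
 ! then unretire only a small starter category.
 ip ips signature-category
  category all
   retired true
  category ios_ips basic
   retired false
  exit
 exit
 !
 ! Interface name is hypothetical; use the one carrying the traffic.
 interface GigabitEthernet0/1
  ip ips myips in
  exit
 end
!
! Load the package only after the categories are retired, so that
! only the unretired signatures are compiled.
copy tftp://x.x.x.x/IOS-S297-CLI.pkg idconf
!
! Check how many signatures were compiled, and watch CPU and memory,
! before unretiring any further category.
show ip ips signature count
show processes cpu sorted
```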


Re: Problem with v5.x signatures


I read the manual twice and found a solution for correctly using 5.x signatures.

OK, IPS works, but I have a few questions.

With IPS working my G2 has 70% CPU usage, and I must turn on IPS only for a few networks. When I used 4.x IPS I used an access-list, "ip ips name myips list 141"; it looks like:

"10 permit ip any

20 permit ip any"

Everything worked fine, with IPS working only for network 3.

Now with 5.x IPS I try to use the same access-list, but when I turn IPS on the interface all the traffic stops. Without the access-list everything works fine.