There are 2 types of IDS/IPS for Cisco Access Routers.
There is the NM-CIDS module, and there is the IOS IPS feature where the IPS functionality is built directly into the IOS of the router rather than using a separate module.
The NM-CIDS module is a fully functional IDS. It runs the same software as the other Cisco IPS Appliances and Modules and supports the full set of signatures and signature engines.
HOWEVER, the NM-CIDS does not support InLine monitoring, and can only do promiscuous monitoring.
The IOS IPS built directly into IOS has minimized IPS functionality, but can do InLine monitoring.
The IOS IPS supports many but not all signature engines that are supported in the IPS Appliances. If a signature (like 5799) can only be written using one of the engines not supported by IOS IPS, then the IOS IPS feature cannot monitor for the vulnerability.
Whether to use IOS IPS, NM-CIDS, or an IPS Appliance will depend on your deployment and available funds.
Both NM-CIDS and IPS Appliances cost more than IOS IPS because of the additional hardware, and additional features.
If cost is your biggest constraint, then IOS IPS may be an effective alternative. You pay less for IOS IPS, but you need to understand that it will not provide the same level of signature coverage, and some attacks can't be monitored for by IOS IPS.
Some environments are WAN to WAN connections with no Ethernet in between. Appliances won't work in these environments because Appliances need Ethernet connections.
So NM-CIDS and IOS IPS are your only choices.
If you want promiscuous monitoring for your internet connection and the additional cost of the sensor is not a problem, then the NM-CIDS is a good purchase. It provides full signature coverage promiscuously at less cost than the typical appliances.
If you want InLine monitoring then an Appliance or IOS IPS are your only options.
So you see it will depend on your type of deployment and available funds that will often determine which type of sensor to go with.
What we are seeing more and more often now is a hybrid deployment. The customer will purchase Appliances monitoring InLine to put in front of primary servers. But instead of spending the additional cost of Appliances for other areas of the network, they will instead purchase IOS IPS or NM-CIDS for monitoring those other areas of the network. This way they get the best coverage for their most important servers, and provide at least some coverage for everything else.