Cisco827 and IDS Help

mmeditz
Level 1

Hi,

I was hoping someone could help me configure IDS on an 827. I will attach a copy of the config below. We are using a syslog server.

The book I am reading tells me to use these three commands:

ip audit notify log
ip audit name ids info action alarm
ip audit name ids attack action alarm drop reset
interface dialer 1
 ip audit ids in

The problem is that when I go into global mode, I don't have the command "ip audit ..."

Any help is appreciated.

Mike

-------------------------------------------------

version 12.2
no parser cache
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
!
hostname XXXXXX_827
!
logging rate-limit console 10 except errors
logging trap debugging
logging 192.168.1.4
enable secret 5 $1$EDXy$4ZO0kuIMdzCTNBviQCGj61
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
no ip domain-lookup
ip name-server 206.13.29.12
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
!
ip dhcp pool address_pool
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 206.13.28.12
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw h323 timeout 3600
ip inspect name myfw http timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw sqlnet timeout 3600
ip inspect name myfw streamworks timeout 3600
ip inspect name myfw tcp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw vdolive timeout 3600
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
vpdn enable
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
lcp max-session-starts 0
!
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
!
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
 hold-queue 224 in
!
interface ATM0.1 point-to-point
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface Dialer1
 ip address negotiated
 ip access-group 112 in
 ip mtu 1492
 ip nat outside
 ip inspect myfw out
 encapsulation ppp
 dialer pool 1
 dialer-group 2
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username xxxxxxx@sbcglobal.net password 7 0719244F5A060B
!
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 112 deny tcp any any
access-list 112 deny udp any any
access-list 112 permit icmp any any unreachable
access-list 112 permit icmp any any echo-reply
access-list 112 permit icmp any any packet-too-big
access-list 112 permit icmp any any time-exceeded
access-list 112 permit icmp any any traceroute
access-list 112 permit icmp any any administratively-prohibited
access-list 112 permit icmp any any echo
access-list 112 deny ip any any
dialer-list 2 protocol ip permit
banner motd ^CAuthorized Users Only!^C
!
line con 0
 stopbits 1
line vty 0 4
 password XXXXXXX
 login
!
scheduler max-task-time 5000
end
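Before putting an inbound audit rule on Dialer1 (the interface the book's `ip audit ids in` targets) it is worth knowing exactly what the existing `access-list 112` already admits there. The script below is an added example, not code from this thread or from Cisco: it parses the access-lists out of the posted config and walks them top-down the way IOS does, for a handful of constructed sample packets. The peer addresses in the samples (203.0.113.9) are documentation addresses chosen for illustration, and the `audit_dialer1_inbound` helper is mine, not an IOS command.

```python
"""Evaluate the posted Cisco IOS access-lists against sample packets.

Added example; not code from the original thread. It handles only the ACL
syntax the posted 827 config uses: standard ACLs (source network plus
wildcard) and extended ACLs with any/host/wildcard endpoints and an optional
ICMP type keyword. Port matching is deliberately not implemented.
"""
import ipaddress

# Constructed sample: the access-lists copied from the posted 827 config.
SAMPLE_CONFIG = """\
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 112 deny tcp any any
access-list 112 deny udp any any
access-list 112 permit icmp any any unreachable
access-list 112 permit icmp any any echo-reply
access-list 112 permit icmp any any packet-too-big
access-list 112 permit icmp any any time-exceeded
access-list 112 permit icmp any any traceroute
access-list 112 permit icmp any any administratively-prohibited
access-list 112 permit icmp any any echo
access-list 112 deny ip any any
"""

# IOS ICMP keywords -> (type, code); a None code matches any code of that type.
ICMP_KEYWORDS = {
    "echo": (8, None),
    "echo-reply": (0, None),
    "unreachable": (3, None),
    "packet-too-big": (3, 4),
    "administratively-prohibited": (3, 13),
    "time-exceeded": (11, None),
    "traceroute": (30, None),
}

ANY = ipaddress.ip_network("0.0.0.0/0")


def _net_from_wildcard(addr, wildcard):
    """Turn an IOS 'address wildcard' pair into an ip_network (contiguous wildcards only)."""
    w = int(ipaddress.IPv4Address(wildcard))
    prefix = 32 - w.bit_length()          # 0.0.0.255 -> /24, 0.0.0.0 -> /32
    if w != (1 << (32 - prefix)) - 1:
        raise ValueError("non-contiguous wildcard not supported: " + wildcard)
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def _take_addr(tokens, i):
    """Consume one address spec (any | host A | A WILDCARD | A) starting at tokens[i]."""
    tok = tokens[i]
    if tok == "any":
        return ANY, i + 1
    if tok == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    wildcard = tokens[i + 1] if i + 1 < len(tokens) else "0.0.0.0"
    return _net_from_wildcard(tok, wildcard), i + 2


def parse_acls(config_text):
    """Return {acl_number: [entry, ...]} with entries in configured order."""
    acls = {}
    for raw in config_text.splitlines():
        t = raw.split()
        if len(t) < 4 or t[0] != "access-list":
            continue
        number, action = int(t[1]), t[2]
        entry = {"action": action, "proto": "ip", "icmp": None, "line": raw.strip()}
        if number <= 99 or 1300 <= number <= 1999:   # standard ACL: source only
            entry["src"], _ = _take_addr(t, 3)
            entry["dst"] = ANY
        else:                                        # extended: proto src dst [icmp-type]
            entry["proto"] = t[3]
            entry["src"], i = _take_addr(t, 4)
            entry["dst"], i = _take_addr(t, i)
            if entry["proto"] == "icmp" and i < len(t):
                entry["icmp"] = ICMP_KEYWORDS[t[i]]
        acls.setdefault(number, []).append(entry)
    return acls


def evaluate(entries, proto, src, dst, icmp_type=None, icmp_code=None):
    """Walk an ACL top-down like IOS; return (action, matching line) for one packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in entries:
        if e["proto"] not in ("ip", proto):          # 'ip' entries match every protocol
            continue
        if src not in e["src"] or dst not in e["dst"]:
            continue
        if e["icmp"] is not None:
            want_type, want_code = e["icmp"]
            if icmp_type != want_type or (want_code is not None and icmp_code != want_code):
                continue
        return e["action"], e["line"]
    return "deny", "implicit deny at end of list"


def audit_dialer1_inbound(config_text=SAMPLE_CONFIG):
    """What ACL 112 (applied inbound on Dialer1) does with a few constructed packets."""
    acl = parse_acls(config_text)[112]
    samples = [  # (label, proto, src, dst, icmp type, icmp code); all constructed
        ("TCP SYN to router", "tcp", "203.0.113.9", "192.168.1.1", None, None),
        ("DNS reply (UDP)", "udp", "206.13.29.12", "192.168.1.1", None, None),
        ("ICMP echo request", "icmp", "203.0.113.9", "192.168.1.1", 8, 0),
        ("ICMP host unreachable", "icmp", "203.0.113.9", "192.168.1.1", 3, 1),
        ("ICMP redirect", "icmp", "203.0.113.9", "192.168.1.1", 5, 0),
    ]
    return {label: evaluate(acl, p, s, d, t, c) for label, p, s, d, t, c in samples}


if __name__ == "__main__":
    for label, (action, line) in audit_dialer1_inbound().items():
        print(f"{label:24s} -> {action:6s} ({line})")
```

The static walk shows that every inbound TCP and UDP packet, including the DNS reply, is dropped by the ACL itself; return traffic for sessions started from the LAN gets through only because `ip inspect myfw out` (CBAC) opens temporary entries for inspected sessions, which this evaluator does not model. Only the listed ICMP types reach the router from the outside, so an inbound IDS rule on Dialer1 would otherwise mostly be looking at traffic CBAC has already admitted.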

2 Replies

marcabal
Cisco Employee

Going through Feature Navigator it appears that Firewall Intrusion Detection System is not a supported feature for the 800 series routers:

http://www.cisco.com/cgi-bin/Support/FeatureNav/FN1.pl?HStartForm2=True&Q2Submit=CONTINUE&HFeatOption=422&HFeatSelected=295&HFeatSelected=422

Look through the Platform Family and you will not see it as an option.

By contrast if you just select the Firewall Feature Set then the following router families are selectable in the Platform Family: 800, 805, 820

http://www.cisco.com/cgi-bin/Support/FeatureNav/FN1.pl?HStartForm2=True&Q2Submit=CONTINUE&HFeatOption=422&HFeatSelected=295

Good Call.

I don't know how I missed something like that.

Thank you!

Mike