11-20-2001 12:00 PM - edited 03-08-2019 09:13 PM
Hi,
I was hoping someone could help me configure IDS on an 827. I will attach a copy of the config below. We are using a syslog server.
The book I am reading tells me to use these three commands:
ip audit notify log
ip audit name ids info action alarm
ip audit name ids attack action alarm drop reset
interface dialer 1
ip audit ids in
The problem is that when I go into global mode, I don't have the command "ip audit ..."
Any help is appreciated.
Mike
-------------------------------------------------
version 12.2
no parser cache
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
!
hostname XXXXXX_827
!
logging rate-limit console 10 except errors
logging trap debugging
logging 192.168.1.4
enable secret 5 $1$EDXy$4ZO0kuIMdzCTNBviQCGj61
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
no ip domain-lookup
ip name-server 206.13.29.12
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
!
ip dhcp pool address_pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 206.13.28.12
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw h323 timeout 3600
ip inspect name myfw http timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw sqlnet timeout 3600
ip inspect name myfw streamworks timeout 3600
ip inspect name myfw tcp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw vdolive timeout 3600
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
vpdn enable
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
lcp max-session-starts 0
!
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
!
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface ATM0
no ip address
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0.1 point-to-point
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface Dialer1
ip address negotiated
ip access-group 112 in
ip mtu 1492
ip nat outside
ip inspect myfw out
encapsulation ppp
dialer pool 1
dialer-group 2
no cdp enable
ppp authentication pap callin
ppp pap sent-username xxxxxxx@sbcglobal.net password 7 0719244F5A060B
!
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 112 deny tcp any any
access-list 112 deny udp any any
access-list 112 permit icmp any any unreachable
access-list 112 permit icmp any any echo-reply
access-list 112 permit icmp any any packet-too-big
access-list 112 permit icmp any any time-exceeded
access-list 112 permit icmp any any traceroute
access-list 112 permit icmp any any administratively-prohibited
access-list 112 permit icmp any any echo
access-list 112 deny ip any any
dialer-list 2 protocol ip permit
banner motd ^CAuthorized Users Only!^C
!
line con 0
stopbits 1
line vty 0 4
password XXXXXXX
login
!
scheduler max-task-time 5000
end
11-20-2001 12:27 PM
Going through Feature Navigator it appears that Firewall Intrusion Detection System is not a supported feature for the 800 series routers:
Look through the Platform Family and you will not see it as an option.
By contrast if you just select the Firewall Feature Set then the following router families are selectable in the Platform Family: 800, 805, 820
11-20-2001 02:25 PM
Good Call.
I don't know how I missed something like that.
Thank you!
Mike