ios ids

macximuce
Level 1

10.1.1.0/24(e0) | r1 | 192.168.1.0/24 (s0)

I'd like to enable CBAC & IDS on r1.

I configured CBAC as below.

By the way, I do not know in which direction IDS must be applied.

1. I wish to monitor, using IDS, Telnet & web traffic that enters inbound from outside.

2. I wish to inspect web traffic that leaves the interior.

r1

ip inspect name fw tcp
ip inspect name fw http
!
interface e0
 description internal
 ip address 10.1.1.254 255.255.255.0
 ip access-group 100 in
 ip inspect fw in
!
interface s0
 description external
 ip address 192.168.1.254 255.255.255.0
 ip access-group 110 in
!
access-list 100 permit tcp 10.1.1.0 0.0.0.255 any eq 23
access-list 100 permit tcp 10.1.1.0 0.0.0.255 any eq 80
access-list 110 permit icmp any any
access-list 110 deny ip any any

1 Reply 1

ywadhavk
Cisco Employee

Hi,

The 'ip audit', i.e. the IDS monitoring, should be applied to the outside interface in the IN direction. So in your case, the ip audit rule should be applied to int s0 in the IN direction.

Please use the guide below for the procedure to configure the IOS IDS.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfids.htm

Hope this helps,

Thanks,

yatin
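The placement described in the reply above, written out against the r1 configuration from the question. This is an added example, not part of the original thread or of the linked Cisco guide; the rule name IDSRULE and the chosen actions are assumptions, and the commands are the `ip audit` set of the IOS Firewall IDS feature.

```cisco
! Send IDS alarms to syslog
ip audit notify log
!
! One audit rule (name IDSRULE is an assumption):
!  - informational signatures: alarm only
!  - attack signatures: alarm, drop the packet, reset the TCP session
ip audit name IDSRULE info action alarm
ip audit name IDSRULE attack action alarm drop reset
!
! Outside interface from the question. With the rule applied inbound,
! packets are audited before ACL 110 is evaluated, so traffic that
! ACL 110 goes on to deny can still raise an alarm.
interface s0
 description external
 ip address 192.168.1.254 255.255.255.0
 ip access-group 110 in
 ip audit IDSRULE in
!
! Inside interface is unchanged: CBAC still inspects outbound web/tcp
! sessions with "ip inspect fw in" on e0.
!
! Verification from exec mode:
!  show ip audit configuration
!  show ip audit interface
!  show ip audit statistics
```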