Thanks Adrian and Piotr!
Thats a well written white paper. I am all sorted now. Although the
documentation of 12.4.T still makes reference to that CLI, which AFAICS,
does not exist on the code :-)
Sadiq
On Sun, May 16, 2010 at 7:19 AM, Piotr Matusiak <pitt2k_at_gmail.com> wrote:
> Hi Sadiq,
>
> You're looking at wrong document (it's for 12.4). Take a look at:
>
>
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/prod
_white_paper0900aecd805c4ea8.pdf
>
> HTH,
> --
> Piotr Matusiak
> CCIE #19860 (R&S, Security)
> Technical Instructor
> website: www.MicronicsTraining.com
> blog: www.ccie1.com
>
> �If you can't explain it simply, you don't understand it well enough� -
> Albert Einstein
>
>
> 2010/5/16 Sadiq Yakasai <sadiqtanko_at_gmail.com>
>
>> Hi guys,
>>
>> It seems to me like the documentation says we can load the signature
>> definition file via the command "ip ips sdf location .." , as reported by
>> [1] below, but this seems to be not supported on the box.
>>
>> Well, I went ahead and configured my IPS policy on the router, but as it
>> were, I could not enable the icmp echo and echo-reply signatures (2000 and
>> 2004).
>>
>> Any help/pointers would be very helpful.
>>
>> Thanks,
>> Sadiq
>>
>> [1]
>>
>>
http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cf
g_ips_external_docbase_0900e4b180de56d7_4container_external_docbase_0900e4b18
0e076b5.html#wp1175461
>>
>> R6(config)#ip ips ?
>> auto-update Auto Update
>> config Location of IPS configuration files
>> deny-action Specify Deny action
>> event-action-rules Event Action Rules (SEAP)
>> fail Specify what to do during any failures
>> name Specify an IPS rule
>> notify Specify the notification mechanisms (SDEE or log)
>> for
>> the alarms
>> signature-category Signature Category
>> signature-definition Signature Definition
>>
>> R6#
>> R6#conf t
>> Enter configuration commands, one per line. End with CNTL/Z.
>> R6(config)#ip ips si
>> R6(config)#ip ips signature-de
>> R6(config)#ip ips signature-definition
>> R6(config-sigdef)#si
>> R6(config-sigdef)#signature 2000 0
>> Unable to locate sig 2000:0
>> R6(config-sigdef)#si
>> R6(config-sigdef)#signature ?
>> <1-65535> Signature ID value
>>
>> R6(config-sigdef)#signature
>> % Incomplete command.
>>
>> R6(config-sigdef)#
>> R6(config-sigdef)#
>> R6(config-sigdef)#end
>> R6#
>> R6#
>> R6#dir
>> May 15 22:57:44.932: %SYS-5-CONFIG_I: Configured from console by console
>> R6#dir
>> Directory of flash:/
>>
>> 1 -rw- 5650 May 8 2010 16:40:48 +00:00 -0
>> 2 -rw- 5650 May 8 2010 17:10:14 +00:00 -1
>> 3 -rw- 5834 May 8 2010 23:02:20 +00:00 -2
>> 4 -rw- 5834 May 8 2010 23:10:14 +00:00 -3
>> 5 -rw- 1823 Feb 22 2007 09:09:30 +00:00 sdmconfig-2811.cfg
>> 13 drw- 0 May 15 2010 22:32:30 +00:00 IPS
>> 6 -rw- 833024 Feb 22 2007 09:10:16 +00:00 es.tar
>> 7 -rw- 1052160 Feb 22 2007 09:10:34 +00:00 common.tar
>> 8 -rw- 1038 Feb 22 2007 09:10:50 +00:00 home.shtml
>> 9 -rw- 102400 Feb 22 2007 09:11:04 +00:00 home.tar
>> *10 -rw- 491213 Feb 22 2007 09:11:22 +00:00 128MB.sdf*
>> 11 -rw- 398305 Feb 22 2007 09:12:04 +00:00
>> sslclient-win-1.1.0.154.pkg
>> 12 -rw- 60324084 Mar 19 2010 11:03:00 +00:00
>> c2800nm-adventerprisek9_sna-mz.124-24.T1.bin
>>
>> 64016384 bytes total (733184 bytes free)
>> R6#
>> R6#sh ver | i IOS
>> Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9_SNA-M), Version
>> 12.4(24)T1, RELEASE SOFTWARE (fc3)
>> R6#
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
--
CCIE #19963
Blogs and organic groups at http://www.ccie.net
Received on Sun May 16 2010 - 11:21:39 ART