https://community.cisco.com/t5/network-security/problem-with-v5-x-signatures/m-p/856376#M85712 <P>Hi </P><P></P><P>I try to enable IOS IPS on my 7204-G2 router but have few problems.I use IOS c7200p-adventerprisek9-mz.124-15.T1 and signatures IOS-S297-CLI.I use this doc <A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a0080747eb0.html" target="_blank">http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a0080747eb0.html</A> .</P><P></P><P>At first time when I try to "copy t<A class="jive-link-custom" href="ftp://x.x.x.x/IOS-S297-CLI.pkg" target="_blank">ftp://x.x.x.x/IOS-S297-CLI.pkg</A> idconf" the compilation process is susses but I have this messages: %IPS-4-SIGNATURE_COMPILE_FAILURE , %IPS-4-META_ENGINE_UNSUPPORTED , %IPS-4-SDF_PARSE_FAILED: file disk2:myips/7204-sigdef-default.xml. </P><P></P><P>After this I have few .xml files in my folder disk2:/myips/,but when I try to active ips on interface all the traffic stops.</P><P></P><P>At the second try after "copy t<A class="jive-link-custom" href="ftp://x.x.x.x/IOS-S297-CLI.pkg" target="_blank">ftp://x.x.x.x/IOS-S297-CLI.pkg</A> idconf" traffic stops and then router go to reboot.In folder disk2:/myips/ at this time I have more files,but after "ip ips myips in" traffic stops again.</P><P></P><P>What the problem with signatures compilation? Maybe this is a bug in IOS or something. </P> Sun, 10 Mar 2019 10:47:50 GMT seducer666 2019-03-10T10:47:50Z https://community.cisco.com/t5/network-security/problem-with-v5-x-signatures/m-p/856376#M85712 <P>Hi </P><P></P><P>I try to enable IOS IPS on my 7204-G2 router but have few problems.I use IOS c7200p-adventerprisek9-mz.124-15.T1 and signatures IOS-S297-CLI.I use this doc <A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a0080747eb0.html" target="_blank">http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a0080747eb0.html</A> .</P><P></P><P>At first time when I try to "copy t<A class="jive-link-custom" href="ftp://x.x.x.x/IOS-S297-CLI.pkg" target="_blank">ftp://x.x.x.x/IOS-S297-CLI.pkg</A> idconf" the compilation process is susses but I have this messages: %IPS-4-SIGNATURE_COMPILE_FAILURE , %IPS-4-META_ENGINE_UNSUPPORTED , %IPS-4-SDF_PARSE_FAILED: file disk2:myips/7204-sigdef-default.xml. </P><P></P><P>After this I have few .xml files in my folder disk2:/myips/,but when I try to active ips on interface all the traffic stops.</P><P></P><P>At the second try after "copy t<A class="jive-link-custom" href="ftp://x.x.x.x/IOS-S297-CLI.pkg" target="_blank">ftp://x.x.x.x/IOS-S297-CLI.pkg</A> idconf" traffic stops and then router go to reboot.In folder disk2:/myips/ at this time I have more files,but after "ip ips myips in" traffic stops again.</P><P></P><P>What the problem with signatures compilation? Maybe this is a bug in IOS or something. </P> Sun, 10 Mar 2019 10:47:50 GMT https://community.cisco.com/t5/network-security/problem-with-v5-x-signatures/m-p/856376#M85712 seducer666 2019-03-10T10:47:50Z https://community.cisco.com/t5/network-security/problem-with-v5-x-signatures/m-p/856377#M85713 <HTML><HEAD></HEAD><BODY><P>You are getting these errors because you are trying to compile all signatures at a single go, which is not recommended. The v5</P><P>style signatures are common to the IOS IPS and the IDS/IPS sensor appliances but IOS IPS does not support all of the signature engines (hence the META_ENGINE_UNSUPPORTED errors) and most IOS platforms will not have sufficient CPU and memory resources to compile *all* the supported ones. In other words, the behavior you experienced is normal, the solution is to start with retiring all signature categories and then gradually enable those you need. Following link may help you</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a0080747eb0.html#wp1064428" target="_blank">http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a0080747eb0.html#wp1064428</A></P></BODY></HTML> Wed, 19 Sep 2007 20:34:36 GMT https://community.cisco.com/t5/network-security/problem-with-v5-x-signatures/m-p/856377#M85713 amritpatek 2007-09-19T20:34:36Z https://community.cisco.com/t5/network-security/problem-with-v5-x-signatures/m-p/856378#M85715 <HTML><HEAD></HEAD><BODY><P>Thanks</P><P>I read the manual twice and fined solution to correct using 5.x signatures.</P><P></P><P>Ok,IPS work ,but I have few questions.</P><P>With working IPS my G2 have 70% cpu usage,and I must turn on IPS only for few networks,when I use 4.x IPS I use access-list "ip ips name myips list 141" ,it looks like: </P><P>"10 permit ip 192.168.3.0 255.255.255.0 any</P><P> 20 permit ip any 192.168.3.0 255.255.255.0"</P><P>Everething work fine,IPS working only for network 3.</P><P></P><P>Now with 5.x IPS I try use the same access-list but when I turn IPS on the interface all the traffic stops. Without access-list all working fine.</P><P></P><P></P></BODY></HTML> Wed, 26 Sep 2007 04:43:25 GMT https://community.cisco.com/t5/network-security/problem-with-v5-x-signatures/m-p/856378#M85715 seducer666 2007-09-26T04:43:25Z