Solved: Re: 2651XM IPS Signature Update?

pdntspa107 · ‎10-06-2010

Hello,

I have a 2651XM 256MB/32MB running 12.4(25) and I would like to update the IPS signature file. I see that the last update for 256MB.sdf was from Aug 2008. The latest IPS I found is IPS-sig-S518-req-E4.pkg from

http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Intrusion+Prevention+System+%28IPS%29+Signature+Updates&mdfid=277801011&treeName=Security&mdfLevel=Model&url=null&modelName=Cisco+2651XM+Multiservice+Router&isPlatform=N&treeMdfId=268...

I've tried the command

ip ips sdf location flash:\\IPS-sig-S518-req-E4.pkg

&

ip ips sdf location flash:IPS-sig-S518-req-E4.pkg

but when I apply IPS to an interface and run 'show ip ips all' no signatures load and I get a message 'invalid token'.

I also tried seeing if the latest SDM will help but nothing.

My question is, what is it that I am doing wrong or missing? Is my router too old to be able to get the latest signature files?

Any advice or guidance to the right direction is much appreciated.

Thanks

Scott Fringer · ‎10-07-2010

You have a version of IOS that includes the older version of the IOS IPS feature (referred to as v4). This release only supports signature updates using the SDF formatted files. These files are no longer updated.

The signature update file you found (ending in .pkg) is the signature update package supported by Cisco's IPS appliances and is not compatible with the IOS IPS feature set.

The current IOS IPS feature (referred to as v5) also makes use of .pkg files. You will need to upgrade the IOS of your 2651 to a release in the T train such as 12.4(24)T2 to obtain the latest IOS IPS feature release.

You can find out more about the IOS IPS feature set here:

http://www.cisco.com/go/iosips

For starting with IOS IPS v5:

http://www.cisco.com/en/US/products/ps6634/products_tech_note09186a008097db66.shtml

Scott

View solution in original post

Scott Fringer · ‎10-07-2010

You have a version of IOS that includes the older version of the IOS IPS feature (referred to as v4). This release only supports signature updates using the SDF formatted files. These files are no longer updated.

The signature update file you found (ending in .pkg) is the signature update package supported by Cisco's IPS appliances and is not compatible with the IOS IPS feature set.

The current IOS IPS feature (referred to as v5) also makes use of .pkg files. You will need to upgrade the IOS of your 2651 to a release in the T train such as 12.4(24)T2 to obtain the latest IOS IPS feature release.

You can find out more about the IOS IPS feature set here:

http://www.cisco.com/go/iosips

For starting with IOS IPS v5:

http://www.cisco.com/en/US/products/ps6634/products_tech_note09186a008097db66.shtml

Scott

pdntspa107 · ‎10-08-2010

That was exactly what I needed to do. I've read those articles over before I posted and it never occurred to me that the "T" was an absolute necessity and not just version number. Is there a page that describes the differences between T, ED, MD, etc?

Thank you very much Scott for your help and directing me to more valuable information.

Scott Fringer · ‎10-08-2010

Glad that information helped out.

This is one of the confusing issues of IOS versioning. I am not aware of a specific link that breaks this out (I don't work directly with IOS support, only the IPS feature set). I do know that the T train is usually where new features are tested. These features are then rolled into the next mainline (so IOS 15.0 also has the IOS IPS v5 feature set).

Scott