
Clarification of some of my studies...

CSCO11733516
Level 1

Hey guys-

  Just had some questions pertaining to some IPS functionality, any help will be greatly appreciated!

PS - This is pertaining to the IPS/IDS 4215 if that matters.

1.  When creating an IPS inline-vlan-pair, does it matter which VLANs get designated as VLAN1 or VLAN2?

2.  Is there anywhere on the Cisco Support Site (the same one you would access from the IE Lab) where I can view all of the IPS signatures that are available?  Both for either the IPS and also the IOS IPS.  I guess I would like to see a list and also know each of the signatures' descriptions if possible.

3.  When finalizing a configuration for IOS IPS, is it necessary to run the command IP HTTP SERVER?

2 Replies

1.  When creating an IPS inline-vlan-pair, does it matter which VLANs get designated as VLAN1 or VLAN2?

No, they are equal in functionality. What comes in with VLAN_A gets rewritten to VLAN_B and vice versa.

2.  Is there anywhere on the Cisco Support Site (the same one you would access from the IE Lab) where I can view all of the IPS signatures that are available?  Both for either the IPS and also the IOS IPS.  I guess I would like to see a list and also know each of the signatures' descriptions if possible.

You can search them all on the following page:

http://tools.cisco.com/security/center/ipshome.x?i=62

3.  When finalizing a configuration for IOS IPS, is it necessary to run the command IP HTTP SERVER?

No, but you need the http secure-server if you want to poll your events with SDEE.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Hey karsten--  thank you for your replies, you helped me understand more clearly.

I had a quick question in reference to me having to enable HTTP Secure-Server for the utilization of SDEE.  Is there a specific reason or situation in which this would be necessary?

I ask because I was able to find this in the SDEE segment of the IOS IPS Configuration Guide--

To use SDEE, the HTTP server must be enabled (via the ip http server command). If the HTTP server is not enabled, the router cannot respond to the SDEE clients because it cannot "see" the requests.
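
Added example, not part of the thread or of any Cisco tool: a small Python check that reads an IOS configuration and reports how the SDEE and HTTP server settings discussed above combine. It assumes that either `ip http server` or `ip http secure-server` lets the router answer SDEE clients; `ip ips notify sdee` is the IOS command that turns on SDEE notification and does not appear in the thread, and the sample configurations and finding names are constructed.

```python
import re

# Constructed sample configurations (not taken from the thread).
CONFIG_PLAINTEXT = "ip ips notify sdee\nip http server\nno ip http secure-server\n"
CONFIG_HTTPS = "ip ips notify sdee\nno ip http server\nip http secure-server\n"
CONFIG_NONE = "ip ips notify sdee\nno ip http server\nno ip http secure-server\n"


def is_enabled(config, command):
    """True if `command` appears un-negated; the last occurrence wins."""
    body = r"\s+".join(re.escape(word) for word in command.split())
    pattern = re.compile(r"^\s*(no\s+)?" + body + r"\s*$", re.IGNORECASE)
    enabled = False
    for line in config.splitlines():
        match = pattern.match(line)
        if match:
            enabled = match.group(1) is None
    return enabled


def audit_sdee(config):
    """Return finding codes for the SDEE / HTTP server combination."""
    if not is_enabled(config, "ip ips notify sdee"):
        return []  # SDEE notification is off, nothing to check
    http = is_enabled(config, "ip http server")
    https = is_enabled(config, "ip http secure-server")
    findings = []
    if not (http or https):
        # Assumption: either server lets the router answer SDEE clients.
        findings.append("sdee-unreachable")
    if http:
        # Anything polled over plain HTTP crosses the network unencrypted.
        findings.append("plaintext-http")
    return findings


if __name__ == "__main__":
    samples = [("plaintext", CONFIG_PLAINTEXT), ("https", CONFIG_HTTPS), ("none", CONFIG_NONE)]
    for name, cfg in samples:
        print(name, audit_sdee(cfg))
```
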
