11-17-2010 01:06 PM - edited 03-10-2019 05:10 AM
i have new requirement for an IDS.
currently running a 2xT1 on a cisco 1841 with ios= advanced enterprise services 12.4.25a.
only other requirement i need is crypto feature for ipsec vpn.
i saw this document:
Cisco IOS Firewall Intrusion Detection System
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t5/feature/guide/ios_ids.html
when i try "router conf>ip audit"
i get a 'not recognized command' which i guess is b/c its not part of the 12.4 features.
i tried the ios navigator and found i might need c1841-advsecurityk9-mz.151-2.T.bin HOWEVER when using the tool i requested BOTH IP SEC & IDS no products were found.
questions:
1. what do i need for an ids with my 1841? ios? software based (like snort?) is it true i must have a network tap or a switch with a span port?
2. is there an ios that has both crypto and IDS?
thanks.
Solved! Go to Solution.
 
					
				
		
11-18-2010 03:22 AM
For the 1841 router you have two options:
You can find out more about the AIM-IPS here:
You can find out more about the IOS IPS feature set here:
http://www.cisco.com/go/iosips
Scott
11-17-2010 04:13 PM
Someone has successfully tried to download the IPS signature into a ISR G1 router and he said that's all he does regularly. Don't know if this'll work for you.
One more thing ... IDS on an 1841? I don't know if this has enough "umph" to do it.
 
					
				
		
11-18-2010 03:22 AM
For the 1841 router you have two options:
You can find out more about the AIM-IPS here:
You can find out more about the IOS IPS feature set here:
http://www.cisco.com/go/iosips
Scott
11-18-2010 07:23 AM
hello,
not IPS rather IDS, unless im missing something and the IPS includes an IDS in it?
i also have an ASA 5510 which i am not using since i lack the know how of how to use it with the 1841, the idea was to leave the routing to the 1841 and let the ASA handle the VPN and whatever else it can do (which is?) but how to make them work together etc i need to learn.
but if the ASA can do IDS it could work, buit i didnt see any product for the ASA that CAN. i saw an IPS module for the ASA however as i mentioned above i need an IDS not IPS.
any help / point of view is appreciated. so far i learned the 1841 doesnt have enough "umph". is the 2800 the next platform with enough umph?
thank you
 
					
				
		
11-18-2010 07:29 AM
The IPS options available from Cisco can be configured to operate in IDS mode; the difference being whether the device is configured to operate inline of the traffic flow (IPS) or only inspecting a copy of the traffic (IDS). Both the AIM-IPS module for the Cisco 1841 and the AIP-SSMs for the ASA can be configured to operate like an IDS by being configured in promiscuous mode.
Scott
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide