07-13-2012 10:40 PM - edited 03-10-2019 05:43 AM
Hi Guys,
We have recently purchased a Cisco ISR 2921, and on its docs it is writen that this product has a License for IOS IPS Signatrue File, but on the product Flash Memory there is no IOS IPS Sig-File. and while i try to download the sig-file from Cisco, it fails.
Can any one tell me where is an alternate way to download the sig-file ?
Solved! Go to Solution.
07-15-2012 10:40 AM
900 active signatures is quite much for a system that has no dedicated IPS-ressources.
But you can controll which and how many signatures get enabled on your router:
In the following example I first disable all signatures and enable the ones for web-servers. So just decide which signatures you need. But don't forget to monitor your router-ressources.
gw#conf t
Enter configuration commands, one per line. End with CNTL/Z.
gw(config)#ip ips signature-category
gw(config-ips-category)#?
IPS signature category configuration commands:
category Category keyword
exit Exit from Category Mode
no Negate or set default values of a command
gw(config-ips-category)#category ?
adware/spyware Adware/Spyware (more sub-categories)
all All Categories
attack Attack (more sub-categories)
configurations Configurations (more sub-categories)
ddos DDoS (more sub-categories)
dos DoS (more sub-categories)
email Email (more sub-categories)
instant_messaging Instant Messaging (more sub-categories)
ios_ips IOS IPS (more sub-categories)
l2/l3/l4_protocol L2/L3/L4 Protocol (more sub-categories)
network_services Network Services (more sub-categories)
os OS (more sub-categories)
other_services Other Services (more sub-categories)
p2p P2P (more sub-categories)
reconnaissance Reconnaissance (more sub-categories)
releases Releases (more sub-categories)
specially_licensed_signature Specially Licensed Signature (more sub-categories)
telepresence TelePresence (more sub-categories)
uc_protection UC Protection (more sub-categories)
viruses/worms/trojans Viruses/Worms/Trojans (more sub-categories)
web_server Web Server (more sub-categories)
gw(config-ips-category)#category all
gw(config-ips-category-action)#retire true
gw(config-ips-category-action)#exit
gw(config-ips-category)#category web_server
gw(config-ips-category-action)#?
Category Options for configuration:
alert-severity Alarm Severity Rating
enabled Enable Category Signatures
event-action Action
exit Exit from Category Actions Mode
fidelity-rating Signature Fidelity Rating
no Negate or set default values of a command
retired Retire Category Signatures
gw(config-ips-category-action)#retired false
gw(config-ips-category-action)#exit
gw(config-ips-category)#exit
Do you want to accept these changes? [confirm]
gw(config)#
gw(config)#exit
gw#sh ip ips configuration | s IPS Signature Status
IPS Signature Status
Total Active Signatures: 131
Total Inactive Signatures: 4370
gw#
I didn't follow the thread and answered your first post to have less line-breaks in this post.
07-14-2012 12:13 AM
The ISRs can run IPS (which is stated in the docs), but you need the "Services for IPS" which is an additional license. Do you have that? You can control that with the command:
show ip ips license
I forgot one thing: Which IOS-version are you running? The requirements depend on the version.
Nachricht geändert durch Karsten Iwen
07-14-2012 01:10 AM
ISR2921#sho ip ips license
IPS License Status: Not Required
Current Date: Jul 14 2012
Expiration Date: Not Available
Extension Date: Not Available
Signatures Loaded: Not Available S0.0
Signature Package: Not Available S0.0
-------
Sho ver output >> Version 15.1(4)
07-14-2012 01:26 AM
ok, how did you try to download the signatures? With auto-update from on the router from cisco.com? Have you imported the cisco.com public-key?
An alternative way to download is directly from cisco.com and to import the file into the router:
http://www.cisco.com/cisco/software/navigator.html?mdfid=281442967
07-14-2012 02:28 AM
Yes i tried to download with auto-update from the Router itself. but i didnt imported the Public-key. i tried to findout and import the public-key but i couldnot find it. can you instruct me on how to import the public-key?
the link you sent me for downloading the sig-file directly from cisco.com, while i opened that it gives a error message as bellow :
The download process was interrupted.Please restart the download process. If you continue to see this message, contact Cisco support at web-help@cisco.com.
07-14-2012 04:16 AM
The procedere to set IPS up is described in the Sec Configuration Guide:
The public key can be found here:
07-14-2012 04:40 AM
While i click on the link you sent above i get the following error mesage. i dont have cco account as cisco.com
07-14-2012 04:52 AM
For download you need a valid cco-account. Ask your cisco-partner where you bought the router. They can assist you in creating the account and attach the needed download-rights.
07-14-2012 05:35 AM
ok. thanks. can you tell me what is the latest IOS IPS Sigature-File version ? is it S636 or how.
I am asking this question because the cisco-partner who we have purchased the router , he has given us this verion of ips sig-file and saying that this is the latest version
07-14-2012 06:02 AM
That's right. For IOS-IPS it's the latest version.
07-15-2012 05:55 AM
Ok i downloaed the IOS IPS file into my router, and it is enabled now. But when i the enabled signatures, it shows only 923-enabled signatures on my router
Can't i download more signatrues and update my router ips signatures? for doing this do it need any extra license or how ? please instruct
07-15-2012 10:40 AM
900 active signatures is quite much for a system that has no dedicated IPS-ressources.
But you can controll which and how many signatures get enabled on your router:
In the following example I first disable all signatures and enable the ones for web-servers. So just decide which signatures you need. But don't forget to monitor your router-ressources.
gw#conf t
Enter configuration commands, one per line. End with CNTL/Z.
gw(config)#ip ips signature-category
gw(config-ips-category)#?
IPS signature category configuration commands:
category Category keyword
exit Exit from Category Mode
no Negate or set default values of a command
gw(config-ips-category)#category ?
adware/spyware Adware/Spyware (more sub-categories)
all All Categories
attack Attack (more sub-categories)
configurations Configurations (more sub-categories)
ddos DDoS (more sub-categories)
dos DoS (more sub-categories)
email Email (more sub-categories)
instant_messaging Instant Messaging (more sub-categories)
ios_ips IOS IPS (more sub-categories)
l2/l3/l4_protocol L2/L3/L4 Protocol (more sub-categories)
network_services Network Services (more sub-categories)
os OS (more sub-categories)
other_services Other Services (more sub-categories)
p2p P2P (more sub-categories)
reconnaissance Reconnaissance (more sub-categories)
releases Releases (more sub-categories)
specially_licensed_signature Specially Licensed Signature (more sub-categories)
telepresence TelePresence (more sub-categories)
uc_protection UC Protection (more sub-categories)
viruses/worms/trojans Viruses/Worms/Trojans (more sub-categories)
web_server Web Server (more sub-categories)
gw(config-ips-category)#category all
gw(config-ips-category-action)#retire true
gw(config-ips-category-action)#exit
gw(config-ips-category)#category web_server
gw(config-ips-category-action)#?
Category Options for configuration:
alert-severity Alarm Severity Rating
enabled Enable Category Signatures
event-action Action
exit Exit from Category Actions Mode
fidelity-rating Signature Fidelity Rating
no Negate or set default values of a command
retired Retire Category Signatures
gw(config-ips-category-action)#retired false
gw(config-ips-category-action)#exit
gw(config-ips-category)#exit
Do you want to accept these changes? [confirm]
gw(config)#
gw(config)#exit
gw#sh ip ips configuration | s IPS Signature Status
IPS Signature Status
Total Active Signatures: 131
Total Inactive Signatures: 4370
gw#
I didn't follow the thread and answered your first post to have less line-breaks in this post.
07-15-2012 10:11 PM
Ok Thanks for your instruction.
If i want to update my signatre-database to get the new updates, do i need to have a separate license for ? or i can download new updates normaly
07-15-2012 10:18 PM
I think for updating IPS Signature-File, a CCO account is required. am i right ?
07-17-2012 04:55 PM
Yes you do need a CCO account. Go ahead and sign up for one. You don't need any additional access for the CCO account.
Sent from Cisco Technical Support iPad App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide