Solved: IPS 4255

Asif Majeed · ‎02-02-2012

Dear all i have an issue while configuring Cisco IPS4255 in lab,

when i configure the two interfaces of device as inline interface pair mode and create an attack using any signature such as 2004 , 11020, 3401 , the actions of signature i.e. deny packet inlinle, or deny connection inline are not working mean that these two options when selected dnt block the packets or connections of specified traffic , although the events show that deny packet inline and deny connection inline are getting true value.

Only option that works from the list is ' deny attacker inline' for any of the signature.

Is that because of licensing issue because my device doe not have valid license installed in it right now or i am not configuring the device properly.

Thx in advance for kind help

asif

rhermes · ‎02-02-2012

The lack of a current license will not prevent proper sensor operation. It should still block traffic as you have configured.

The only limitation of an unlicensed sensor is you can not install signature updates (you can only install software updates).

- Bob

View solution in original post

rhermes · ‎02-02-2012

The lack of a current license will not prevent proper sensor operation. It should still block traffic as you have configured.

The only limitation of an unlicensed sensor is you can not install signature updates (you can only install software updates).

- Bob

Asif Majeed · ‎02-08-2012

thank you bob for your answer, it is working fine now , you were right, issue was that i did configured event action overriding in IPS and just selected "Deny attacker inline" option, thats why every signature's action was getting override. It is working without license.