Re: IPS Manager Express & IOS IPS

ms4561 · ‎04-02-2011

I'm currently running IOS 15.1(2) and use the CLI. Usually manually download new IPS updates & copy to router via TFTP.I've never bothered with SDM or any GUI software but I decided to take a look at

CIME. Firstly I've got the router locked down & would like to use HTTPS only for the connection.

1. Does the CIME make any changes to the router config?

2 . What commands I need to use (to enable HTTPS only) & are their any other changes I need to make

to the config?

3. When using HTTPS does what certifacte is used to authenicate the connection?

Regards

Jennifer Halim · ‎04-03-2011

There is very limited functionality on IME that is supported for IOS IPS. You won't be able to update the configuration/signature via IME for IOS IPS.

Here is the list of what is supported on IME for IOS IPS for your reference:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5715/ps9610/data_sheet_c78-459033.html

IME is more suitable for IPS appliance, or IPS hardware module.

To answer your question:

1. No, it won't make any changes to the router config. It doesn't even support the IPS configuration changes.

2. To enable HTTPS on the router: ip http server

At the moment, your config has "ip http access-class 23" however, i can't see any ACL 23. To restrict access only from a few subnets/hosts, you can configure ACL and apply it to "ip http access-class" command. Otherwise, if you don't need to restrict from specific subnets/hosts, just remove the above command.

3. It will use self signed certificate on the router.

Hope this helps.