IPS on Cisco 887 with Adv IP Services

thesupporthouseptyltd · ‎08-15-2011

Hi Guys,

I am new to IPS and would like to enhance the security of the Cisco 887s we have, they all have Adv IP Services with IOS 15.0 M7

What is required to enable IPS, such as products or licences? (Product Codes would be helpful)

What is a basic configuration I can use that will enhance security but not hinder the current setup too much?

What are some good guides on using IPS?

Any help would be greatly appreciated

Kind Regards,

Andrew

Jennifer Halim · ‎08-16-2011

You would need to purchase the IPS subscription license first, and more information on the part# as well as the procedure to install the license can be found here:

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_ios_ips_srvc.html

here is the configuration guide on IOS IPS for your reference:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ips_v5.html

Hope this helps.

thesupporthouseptyltd · ‎08-16-2011

Thanks I've managed to get it working but just having a issue with McAfee MXLogic system, it protects our server from spam and attacks on SMTP etc but the IPS is now blocking it with the error "Long SMTP Command"

Is there anyway to white list a IP to avoid IPS?

raga.fusionet · ‎08-17-2011

Matthew,

In order to filter traffic you would need to define your IPS rule using an ACL:

ip ips name ips-name [list acl]

On the ACL you can deny the hosts that you dont want to be inspected by the IPS.

You can check the command ref if you need more info.

http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_i1gt.html#wp1196019

I hope this helps.

Raga