12-02-2010 02:26 PM - edited 03-10-2019 05:11 AM
I have a growing number of 891 routers running IOS IDS/IPS. My Cisco vendor has stated repeatedly that CSM is the only way to manage signature updates to multiple routers, but I'm finding CSM to be incredibly tedious and slow. It also wants to manage a lot more than just the IPS policies and signatures which causes other problems.
I have about 160 routers deployed now and that will grow to at least 600. I have CSM 3.3.1. I'm told 4.x would make it easier because it can be configured to ignore more of the non-IPS bits of the router configs, but the upgrade is a big chunk of money that wouldn't be in the budget until at least 2012.
Is anybody doing this with an expect script or EEM applets or something else? It seems to me that I could manually upload an update to one router and push the resulting XML files to all the other routers a lot easier and faster than I could "discover" a bunch of routers in CSM (and rediscover them every time we make a CLI change), add the routers to a group, apply updates to a sig policy, lather, rinse, repeat..., not to mention troubleshooting the weird errors and completely wrong "warnings" that CSM spews.
Thanks in advance!
12-02-2010 02:49 PM
From IOS version 15.1(1)T, you can configure the IOS IPS to auto update from cisco.com which would help I believe.
Here is the configuration guide for your reference:
12-02-2010 03:04 PM
Thanks. That might be an option, but I really do need to be able to tune the signatures for my environment before they go out to all the routers since I'm the one who would be getting paged every time there's an IPS hit.
12-08-2010 05:22 PM
Hi,
Is there a way to update the Signatures on RVS4000 routers? Last updated file was posted back in Jun 2010.
Could the procedure be followed in this particular version of router?
TIA
-B