
Which interface to apply IOS IPS

ohareka70
Level 3

Hello,

I have IOS IPS installed on 4 routers on our network at different sites.  They are 2911 routers, with 2GB RAM and I am using the latest signatures from Cisco.  Everything is working fine.  I have enabled the basic signatures.  At the moment the IPS policy is only applied to the WAN interface and not the LAN. So in summary:

interface serial0/0     (wan link)
 ip address x.x.x etc
 ip ips mypolicy in
 ip ips mypolicy out
 exit

According to Cisco I should not bother applying ip ips mypolicy out on the WAN interface (serial0/0) but should have ip ips mypolicy in on the fa0/0 LAN interface as well as the serial0/0 interface.

interface fa0/0          (lan traffic)

NO IPS POLICY IN HERE AT THE MOMENT

Anyone got experience on this?

Regards

Kevin

2 Replies

svaish
Level 1

Hi Kevin,

I would say that you have done the right thing; since routers are limited in memory, we should not enable a lot of signatures and should also try to limit the scanning to traffic that we actually need to be scanned.

In what you have done, any traffic that is entering or leaving the WAN interface will be scanned.

Now, if there are more interfaces on your router and you want the traffic between the interfaces to be scanned as well, only in that case should you enable IPS on those interfaces.

Most of the time it is not needed.

Regards,

Sachin

Yeah - I am still not sure about this one though.  Hopefully I can work this out.

interface serial0/0     (wan link)
 ip ips mypolicy out
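
Added example, not part of the original thread and not Cisco tooling: a small Python audit that parses a saved running-config and reports which interfaces carry an ip ips policy in each direction, so the placement discussed above can be compared across the routers. The sample config is constructed from the snippet in the thread; the IP addresses and full interface names are assumptions.

```python
import re

# Constructed sample mirroring the thread: policy applied in and out on the
# WAN serial interface, nothing on the LAN interface. Addresses are made up.
SAMPLE_CONFIG = """\
interface Serial0/0
 description wan link
 ip address 192.0.2.1 255.255.255.252
 ip ips mypolicy in
 ip ips mypolicy out
!
interface FastEthernet0/0
 description lan traffic
 ip address 10.0.0.1 255.255.255.0
!
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)", re.IGNORECASE)
IPS_RE = re.compile(r"^\s+ip ips\s+(\S+)\s+(in|out)\s*$", re.IGNORECASE)


def ips_by_interface(config_text):
    """Return {interface: {"in": policy_or_None, "out": policy_or_None}}."""
    result, current = {}, None
    for line in config_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = {"in": None, "out": None}
            continue
        if not line.startswith(" "):
            current = None  # left the interface block ("!" or a global command)
            continue
        m = IPS_RE.match(line)
        if m and current:
            result[current][m.group(2).lower()] = m.group(1)
    return result


def uninspected(config_text, direction="in"):
    """Interfaces with no IPS policy applied in the given direction."""
    table = ips_by_interface(config_text)
    return sorted(name for name, d in table.items() if d[direction] is None)


if __name__ == "__main__":
    for name, dirs in ips_by_interface(SAMPLE_CONFIG).items():
        print(f"{name}: in={dirs['in']} out={dirs['out']}")
    print("no inbound IPS:", uninspected(SAMPLE_CONFIG))
```
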
