!----Task 1: Enable IOS IPS
!--Step 2. Create an IOS IPS configuration directory in flash.
!
enable
ciscoenpa55
!
mkdir ipsdir
!
!--Step 3. Configure the IPS signatures torage location.
ip ips config location flash:ipsdir
!
!--Step 4. Create an IPS rule.
!
ip ips name iosips
!
!--Step 5. Enable logging.
!
ip ips notify log
exit
!
clock set 01:20:00 6 january 2009
!
configure terminal
!
service timestamps log datetime msec
!
logging host 192.168.1.50
!
!--Step 6. Configure IOS IP S to us e the s ignature categories .
!
ip ips signature-category
category all
retired true
exit
category ios_ips basic
retired false
exit
exit
!
!--Step 7. Apply the IPS rule to an interface.
!
interface fa0/0
ip ips iosips out
!
!----Task 2: Modify the Signature
!--Step 1. Change the event-action of a signature.
!
exit
ip ips signature-definition
signature 2004 0
status
retired false
enabled true
exit
engine
event-action produce-alert
event-action deny-packet-inline
exit
exit
exit
!
!--Step 2. Us e s how commands to verify IPS .
!
!To which interfaces and in which direction is the iosips rule applied?
!Fa 0/0 outbound
!
!--Step 3. Verify that IPS is working properly.
!
!From PC-C, attempt to ping PC-A. Were the pings successful? Why or why not?
!The pings should fail. This is because the IPS rule for event-action of an echo request was set to “deny-packet-inline.
!
!From PC-A, attempt to ping PC-C. Were the pings successful? Why or why not?
!The ping should be successful. This is because the IPS rule does not cover echo reply. When PC-A pings PCC,
!PC-C responds with an echo reply.
No comments:
Post a Comment