ITNE 2005R

Develop Security Infrastructure

Lab Tutorial 8
Configure IOS Intrusion Prevention System (IPS)

FEB 2021
ITNE2005R Lab Tutorial 3

Configure IOS Intrusion Prevention System (IPS)

Objective

Enable IOS IPS.

Configure logging.

Modify an IPS signature.

Verify IPS

Please provide the screenshot of your work as an evidence. Also, save and keep the packet tracer file. It may be
asked later for the verification

Background / Scenario

Your task is to enable IPS on R1 to scan traffic entering the 192.168.1.0 network. The server labeled
Syslog is used to log IPS messages. You must configure the router to identify the syslog server to receive
logging messages. Displaying the correct time and date in syslog messages is vital when using syslog to
monitor the network. Set the clock and configure the timestamp service for logging on the routers.
Finally, enable IPS to produce an alert and drop ICMP echo reply packets inline.

Figure 1 Topology

Copyright © 2021 VIT, All Rights Reserved. 2

ITNE2005R Lab Tutorial 3

Copyright © 2021 VIT, All Rights Reserved. 3

ITNE2005R Lab Tutorial 3

Part 1: Enable IOS IPS

First, we checked to see if our security technology package was turned on, but it wasn't.

Copyright © 2021 VIT, All Rights Reserved. 4

ITNE2005R Lab Tutorial 3

The security technology package was then activated, and the user licensing agreement was
approved. We then reloaded the router in order to activate the security license.

Copyright © 2021 VIT, All Rights Reserved. 5

ITNE2005R Lab Tutorial 3

Here we can see if our security license has been activated:

Copyright © 2021 VIT, All Rights Reserved. 6

ITNE2005R Lab Tutorial 3

The connection of my topology was then tested by pinging from PC-C to PC-A and conversely,
and then both pings were successful.

Copyright © 2021 VIT, All Rights Reserved. 7

ITNE2005R Lab Tutorial 3

Then, in flash, we established an IOS IPS configuration directory and specified the IPS signature
storage location. Then we added an IPS rule, enabled logging, and adjusted the clock.

Copyright © 2021 VIT, All Rights Reserved. 8

ITNE2005R Lab Tutorial 3

Finally, we set up IOS IPS to employ signature categories and assigned an IPS rule to an interface.

Copyright © 2021 VIT, All Rights Reserved. 9

ITNE2005R Lab Tutorial 3

Part 2: Modify the Signature

Then we altered the signature event action by un-retiring the echo request signature and altering
the action to alert and drop, as seen below.

Copyright © 2021 VIT, All Rights Reserved. 10

ITNE2005R Lab Tutorial 3

Then, using the show ip ips all command, we checked all of the setups and obtained the proper
summary.

Copyright © 2021 VIT, All Rights Reserved. 11

ITNE2005R Lab Tutorial 3

We then pinged from PC-C to PC-A, but it failed since the IPS rule for event action of an echo
request was set to reject packet inline. However, the ping between PC-A and PC-C worked since the
IPS rule does not cover echo response?

References:
https://itexamanswers.net/: https://ccnasec.com/

Copyright © 2021 VIT, All Rights Reserved. 12