
STEP 6.

Configure an IOS IPS (Intrusion Prevention System) on the router

- set the IPS signature storage location

Router(config)# ip ips config location flash:

(the location must be flash:)

- create an IPS rule named "corpips"

Router(config)# ip ips name corpips

- configure signature categories: retire all categories, then unretire only the ios_ips basic category

(each category is tuned in its own sub-mode, so exit back to category mode before selecting the next one; IOS asks to confirm the changes on the final exit)

Router(config)# ip ips signature-category
Router(config-ips-category)# category all
Router(config-ips-category-action)# retired true
Router(config-ips-category-action)# exit
Router(config-ips-category)# category ios_ips basic
Router(config-ips-category-action)# retired false
Router(config-ips-category-action)# exit
Router(config-ips-category)# exit

- apply the IPS rule to g0/0 in the out direction

Router(config)# int g0/0
Router(config-if)# ip ips corpips out

- tune one signature of the ios_ips basic category (this is done in the signature definition, not in the category)

unretire and enable ICMP echo request (signature 2004, subsig 0); both are needed, because a retired signature is not loaded into memory even when it is enabled:

Router(config)# ip ips signature-definition
Router(config-sigdef)# signature 2004 0
Router(config-sigdef-sig)# status
Router(config-sigdef-sig-status)# retired false
Router(config-sigdef-sig-status)# enabled true
Router(config-sigdef-sig-status)# exit
Router(config-sigdef-sig)# exit
Router(config-sigdef)# exit

set the event-action to alert on and drop the packets that match it (the event-action commands are entered under the signature's engine sub-mode):

Router(config)# ip ips signature-definition
Router(config-sigdef)# signature 2004 0
Router(config-sigdef-sig)# engine
Router(config-sigdef-sig-engine)# event-action produce-alert
Router(config-sigdef-sig-engine)# event-action deny-packet-inline
Router(config-sigdef-sig-engine)# exit
Router(config-sigdef-sig)# exit
Router(config-sigdef)# exit

- verification: ping only works from the DMZ server to the Admin PC

(the Admin PC cannot ping the DMZ server: its echo requests leave through g0/0, match signature 2004 and are dropped; the echo replies travelling back to the DMZ server do not match that signature, so the opposite direction keeps working)
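The whole of step 6 as one contiguous CLI session, added here as a consolidated example rather than copied from the original notes. The exit commands, the confirmation prompts and the show commands at the end are additions (standard IOS IPS commands that the notes above do not list); the rule name corpips, the interface g0/0 and signature 2004/0 are the ones used above.

```cisco
! Step 6 as one session (added consolidation, not the original notes)
Router# configure terminal
Router(config)# ip ips config location flash:
Router(config)# ip ips name corpips
!
! Retire every category, then bring back only ios_ips basic
Router(config)# ip ips signature-category
Router(config-ips-category)# category all
Router(config-ips-category-action)# retired true
Router(config-ips-category-action)# exit
Router(config-ips-category)# category ios_ips basic
Router(config-ips-category-action)# retired false
Router(config-ips-category-action)# exit
Router(config-ips-category)# exit
Do you want to accept these changes? [confirm]
!
! Bind the rule to g0/0 in the outbound direction
Router(config)# interface g0/0
Router(config-if)# ip ips corpips out
Router(config-if)# exit
!
! Tune signature 2004/0 (ICMP echo request): unretire, enable, alert and drop
Router(config)# ip ips signature-definition
Router(config-sigdef)# signature 2004 0
Router(config-sigdef-sig)# status
Router(config-sigdef-sig-status)# retired false
Router(config-sigdef-sig-status)# enabled true
Router(config-sigdef-sig-status)# exit
Router(config-sigdef-sig)# engine
Router(config-sigdef-sig-engine)# event-action produce-alert
Router(config-sigdef-sig-engine)# event-action deny-packet-inline
Router(config-sigdef-sig-engine)# exit
Router(config-sigdef-sig)# exit
Router(config-sigdef)# exit
Do you want to accept these changes? [confirm]
Router(config)# end
!
! Verification (added): rule and storage location, interface binding, signature state
Router# show ip ips configuration
Router# show ip ips interfaces
Router# show ip ips signatures
```

show ip ips interfaces should list g0/0 with corpips in the outbound direction, and show ip ips signatures should show 2004/0 as enabled and not retired with both actions set. Note that produce-alert only becomes visible if IPS syslog notification is turned on (ip ips notify log), which the notes above do not cover; the deny-packet-inline action is what makes the ping from the Admin PC fail.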
