That's because the config location that you configured would have already had a sig file stored when the router was previously configured for IPS.

With regards
Kings

On Sat, Feb 26, 2011 at 12:07 AM, Pemasiri Devanarayana <[email protected]> wrote:
> Hi,
>
> When I was configuring IOS IPS, I could see that before I downloaded the
> signature package file, all the signatures were enabled. I'm wondering how
> this can be. However, I have used the same router some time back to do the
> same lab, but that time it was as expected. Here are the steps I did when
> configuring IOS IPS.
>
> 1) load the cisco public rsa key
> 2) retired all signatures and enabled only the required category
> 3) configure IOS IPS parameters such as IPS name, config location, notify SDEE etc
> 4) apply the IOS IPS name to interface (both in and out)
>
> then immediately I was able to see the below messages:
>
> R2(config)#ip ips no
> R2(config)#ip ips notify S
> R2(config)#ip ips notify SDEE
> R2(config)#ip is
> R2(config)#ip ip
> R2(config)#ip ips na
> R2(config)#ip ips name iosips
> R2(config)#int fa0/0
> R2(config-if)#ip ips
> R2(config-if)#ip ips n
> R2(config-if)#ip ips n
> R2(config-if)#ip ips na
> R2(config-if)#ip ips iosips in
> R2(config-if)#ip ips iosips in
> R2(config-if)#ip ips iosips out
> R2(config-if)#
> R2(config-if)#exit
> R2(config)#do sh ip ips sig count
> Another IPS operation is accessing the signatures.
> R2(config)#
> Feb 25 12:41:30.743: %IPS-3-IPS_CONCURRENT_ACCESS: Another IPS operation is accessing the signatures.
> R2(config)#
> Feb 25 12:41:47.047: %IPS-6-ENGINE_BUILDS_STARTED: 12:41:47 UTC Feb 25 2011
> Feb 25 12:41:47.051: %IPS-6-ENGINE_BUILDING: multi-string - 17 signatures - 1 of 13 engines
> Feb 25 12:41:47.091: %IPS-6-ENGINE_READY: multi-string - build time 40 ms - packets for this engine will be scanned
> Feb 25 12:41:47.235: %IPS-6-ENGINE_BUILDING: service-http - 721 signatures - 2 of 13 engines
> Feb 25 12:41:47.983: %IPS-6-ENGINE_READY: service-http - build time 748 ms - packets for this engine will be scanned
> Feb 25 12:41:48.407: %IPS-6-ENGINE_BUILDING: string-tcp - 1658 signatures - 3 of 13 engines
> R2(config)#
> Feb 25 12:41:59.007: %IPS-6-ENGINE_READY: string-tcp - build time 10600 ms - packets for this engine will be scanned
> Feb 25 12:41:59.271: %IPS-6-ENGINE_BUILDING: string-udp - 78 signatures - 4 of 13 engines
> Feb 25 12:41:59.351: %IPS-6-ENGINE_READY: string-udp - build time 80 ms - packets for this engine will be scanned
> Feb 25 12:41:59.367: %IPS-6-ENGINE_BUILDING: state - 34 signatures - 5 of 13 engines
> Feb 25 12:41:59.387: %IPS-6-ENGINE_READY: state - build time 20 ms - packets for this engine will be scanned
> Feb 25 12:41:59.451: %IPS-6-ENGINE_BUILDING: atomic-ip - 342 signatures - 6 of 13 engines
> R2(config)#
> Feb 25 12:42:00.607: %IPS-6-ENGINE_READY: atomic-ip - build time 1156 ms - packets for this engine will be scanned
> Feb 25 12:42:00.647: %IPS-6-ENGINE_BUILDING: string-icmp - 3 signatures - 7 of 13 engines
> Feb 25 12:42:00.647: %IPS-6-ENGINE_READY: string-icmp - build time 0 ms - packets for this engine will be scanned
> Feb 25 12:42:00.651: %IPS-6-ENGINE_BUILDING: service-ftp - 3 signatures - 8 of 13 engines
>
> then I gave the below commands and noticed all the signatures are loaded
> before downloading IOS-S416-CLI.pkg to idconf..
>
> R2(config)#do sh ip ips sig count
>
> Cisco SDF release version S416.0
> Trend SDF release version V0.0
>
> Signature Micro-Engine: multi-string: Total Signatures 17
> multi-string enabled signatures: 13
> multi-string retired signatures: 17
>
> Signature Micro-Engine: service-http: Total Signatures 721
> service-http enabled signatures: 145
> service-http retired signatures: 715
> service-http compiled signatures: 6
> service-http obsoleted signatures: 2
>
> Signature Micro-Engine: string-tcp: Total Signatures 1658
> string-tcp enabled signatures: 650
> string-tcp retired signatures: 1620
> string-tcp compiled signatures: 38
> string-tcp obsoleted signatures: 22
>
> Signature Micro-Engine: string-udp: Total Signatures 78
> string-udp enabled signatures: 2
> string-udp retired signatures: 75
> string-udp compiled signatures: 3
> string-udp obsoleted signatures: 1
>
> Signature Micro-Engine: state: Total Signatures 34
> state enabled signatures: 17
> state retired signatures: 34
>
> Signature Micro-Engine: atomic-ip: Total Signatures 342
> atomic-ip enabled signatures: 90
> atomic-ip retired signatures: 338
> atomic-ip compiled signatures: 4
>
> Signature Micro-Engine: string-icmp: Total Signatures 3
> string-icmp enabled signatures: 0
> string-icmp retired signatures: 3
>
> Signature Micro-Engine: service-ftp: Total Signatures 3
> service-ftp enabled signatures: 1
> service-ftp retired signatures: 3
>
> Signature Micro-Engine: service-rpc: Total Signatures 76
> service-rpc enabled signatures: 44
> service-rpc retired signatures: 76
>
> Signature Micro-Engine: service-dns: Total Signatures 39
> service-dns enabled signatures: 27
> service-dns retired signatures: 39
> service-dns obsoleted signatures: 1
>
> Signature Micro-Engine: normalizer: Total Signatures 9
> normalizer enabled signatures: 8
> normalizer retired signatures: 9
>
> Signature Micro-Engine: service-smb-advanced: Total Signatures 49
> service-smb-advanced enabled signatures: 42
> service-smb-advanced retired signatures: 49
>
> Signature Micro-Engine: service-msrpc: Total Signatures 33
> service-msrpc enabled signatures: 22
> service-msrpc retired signatures: 33
> service-msrpc obsoleted signatures: 1
>
> Total Signatures: 3062
> Total Enabled Signatures: 1061
> Total Retired Signatures: 3011
> Total Compiled Signatures: 51
> Total Obsoleted Signatures: 27
>
> My question is how come the router loads those signatures before loading the
> package file to idconf? (However, I did the same lab on the same router some
> time back.)
>
> Thanks
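
An added example, not part of the original thread: a Python parser for "show ip ips signature count" output that separates the enabled counter from what is actually compiled for scanning, since a retired signature is not compiled even when it is marked enabled. The sample input is constructed from three engines of the output quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: three engines taken from the output quoted above.
SAMPLE = """\
Signature Micro-Engine: multi-string: Total Signatures 17
multi-string enabled signatures: 13
multi-string retired signatures: 17

Signature Micro-Engine: service-http: Total Signatures 721
service-http enabled signatures: 145
service-http retired signatures: 715
service-http compiled signatures: 6
service-http obsoleted signatures: 2

Signature Micro-Engine: string-icmp: Total Signatures 3
string-icmp enabled signatures: 0
string-icmp retired signatures: 3
"""

ENGINE_RE = re.compile(r"Signature Micro-Engine:\s*(\S+):\s*Total Signatures\s+(\d+)")
COUNTER_RE = re.compile(r"(\S+)\s+(enabled|retired|compiled|obsoleted) signatures:\s*(\d+)")

def parse_sig_count(text):
    """Return {engine: {total, enabled, retired, compiled, obsoleted}}."""
    engines = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("> ").strip()  # tolerate mail quote prefixes
        m = ENGINE_RE.match(line)
        if m:
            engines[m.group(1)] = dict(total=int(m.group(2)), enabled=0,
                                       retired=0, compiled=0, obsoleted=0)
            continue
        m = COUNTER_RE.match(line)
        if m and m.group(1) in engines:  # counters IOS omits stay at 0
            engines[m.group(1)][m.group(2)] = int(m.group(3))
    return engines

def overstated(engines):
    """Engines whose enabled counter exceeds what is compiled for scanning."""
    return {n: (c["enabled"], c["compiled"])
            for n, c in engines.items() if c["enabled"] > c["compiled"]}

def unaccounted(engines):
    """Signatures neither retired nor compiled (0 in the quoted output)."""
    return {n: c["total"] - c["retired"] - c["compiled"] for n, c in engines.items()}

if __name__ == "__main__":
    for name, (en, co) in overstated(parse_sig_count(SAMPLE)).items():
        print(f"{name}: {en} enabled, {co} compiled")
```
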
