131
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter Configuring Security Features
Configuring Cisco IOS IPS
Configuring Cisco IOS IPS
Cisco IOS Intrusion Prevention System (IPS) technology enhances perimeter firewall protection by
taking appropriate action on packets and flows that violate the security policy or represent malicious
network activity.
Cisco IOS IPS identifies attacks using “signatures” to detect patterns of misuse in network traffic.
Cisco IOS IPS acts as an in-line intrusion detection sensor, watching packets and sessions as they flow
through the router, scanning each to match currently active (loaded) attack signatures. When Cisco IOS
IPS detects suspicious activity, it responds before network security can be compromised, it logs the
event, and, depending on the action(s) configured to be taken for the detected signature(s), it does one
of the following:
• Sends an alarm in syslog format or logs an alarm in Secure Device Event Exchange (SDEE) format
• Drops suspicious packets
• Resets the connection
• Denies traffic from the source IP address of the attacker for a specified amount of time
• Denies traffic on the connection for which the signature was seen for a specified amount of time
For additional information about configuring Cisco IOS IPS, see the “Cisco IOS IPS 5.x Signature
Format Support and Usability Enhancements” section of Cisco IOS Security Configuration Guide:
Securing the Data Plane, Release 12.4T at:
http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/12_4t/
sec_data_plane_12_4t_book.html.
Content Filtering
Cisco 3900 series, 2900 series, and 1900 series ISRs provide category-based URL filtering. The user
provisions URL filtering on the ISR by selecting categories of websites to be permitted or blocked. An
external server, maintained by a third party, is used to check for URLs in each category. Permit and deny
policies are maintained on the ISR. The service is subscription based, and the URLs in each category are
maintained by the third party vendor.
For additional information about configuring URL filtering, see “Subscription-based Cisco IOS Content
Filtering” at: http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_url_filtering.html.
Configuring VPN
A Virtual Private Network (VPN) connection provides a secure connection between two networks over
a public network such as the Internet. Cisco 3900 series, 2900 series, and 1900 series ISRs support two
types of VPNs: site-to-site and remote access. Remote access VPNs are used by remote clients to log in
to a corporate network. Site-to-site VPNs connect branch offices to corporate offices. This section gives
an example for each.
Remote Access VPN Example
The configuration of a remote access VPN uses Cisco Easy VPN and an IP Security (IPSec) tunnel to
configure and secure the connection between the remote client and the corporate network. Figure 1
shows a typical deployment scenario.
To Next Page
Loading...
Need help?
General
Weight and Dimensions
