Solved

Cisco 2911 router and intrusion prevention

Posted on 2011-09-18
6
651 Views
Last Modified: 2012-05-12
I have cisco 2911 ver 15.0(1)M3, IOS based router.  How do I know that I have Cisco intrusion prevention already installed on this particular IOS?  If its already there how to configure it stepwise.
My purpose is to start scanning the traffic coming on my terminal server and blocking all
unauthorized attempts and locking the external unauthorized IPs/disconnecting them right away, for 30 mintues.

Note:  If its not possible via this router, please suggest any firewall in cisco (not expensive on)
so that I can accomplish this task.
Help plz.
THanks
0
Comment
Question by:amanzoor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 17

Accepted Solution

by:
MAG03 earned 500 total points
ID: 36558661
if you enter ip ips ? do you get any options? if you do then an IPS module is installed on your router. If not then you need to go and buy a module to install in your router.
http://www.cisco.com/en/US/prod/collateral/routers/ps5853/ps5875/product_data_sheet0900aecd806c4e2a_ps5855_Products_Data_Sheet.html

for configuration you can refer to this link:
http://www.cisco.com/en/US/products/ps6634/products_configuration_example09186a008097db8d.shtml
0
 
LVL 4

Author Comment

by:amanzoor
ID: 36561280
MAF03:
Thanks:  so its like a big NIC (called module) which sits inside the router.  Could you tell me once I seat this NIC(module) inside the router, my cable coming from the ISP would go into this new module?
0
 
LVL 17

Expert Comment

by:MAG03
ID: 36565088
I am a little uncertain about this for the IPS NME module. Normally the IPS would sit, for example, between the router and the switch.

I would not think that the cable from the ISP would connect to the IPS module. The documentation says it is used for Out Of Band management which would imply that the normal interfaces would still be used for monitoring and the IPS interface would be used for management. Again I am a little uncertain as I have never had to setup the IP NME module before.

I have unfortunately not found anything useful about whether my assumption is correct or not about the module, but just to repeat myself, in a normal IPS setup the IPS would be located on the inside network. Or atleast when configured it is only monitoring the inside interface of the router and not the outside interface, because if you were monitoring the outside interface warnings would be flashing up left and right due to the regular random port scans, ping sweeps...etc.
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 
LVL 4

Author Comment

by:amanzoor
ID: 36567410
MAG03: Attached is my shrun, I have 3 interfaces at the moment within my router 2911 which I am using, please let me know the name of the interface I will be monitoring?
THanks
forEEpuposesAccesslistNewFeb2011.txt
0
 
LVL 4

Author Comment

by:amanzoor
ID: 36567477
Mag03:
Is't that too expensive?
http://www.softchoice.com/catalog/en-ca/network-adapters-cisco-ips-network-module-enhanced-expansion-module-gigabit-ethernet-NME-IPS-K9-BU5471
I would love to find out if the gig connection is used as the incoming from ISP.
0
 
LVL 17

Expert Comment

by:MAG03
ID: 36571957
I would monitor both campus LANs.

IPS modules are quite expensive and price can vary depending on features. I guess the price can range any where from around $2700 to around $4000 for an NME card (this is just an estimation from what I have seen, there might be more expensive cards out there and there might be cheaper ones. But the cheapest I have seen so far is around $2700).

So $3600 might be a little more that what you require but i would suggest finding one that is priced around $2700 - 3000 and compare the features and make the decision from there.
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ospf neighbors not coming up 6 71
Setup another VLAN on Fortigate 3 38
adjusting startup config 6 54
TZ400 2 28
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question