57-3
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter57 Using Protection Tools
Configuring IP Audit for Basic IPS Support
Configuring IP Audit for Basic IPS Support
The IP audit feature provides basic IPS support for the ASA that does not have an AIP SSM. It supports
a basic list of signatures, and you can configure the ASA to perform one or more actions on traffic that
matches a signature.
This section includes the following topics:
Configuring IP Audit, page57-3
IP Audit Signature List, page57-4

Configuring IP Audit

To enable IP audit, perform the following steps:
Step1 To define an IP audit policy for informational signatures, enter the following command:
hostname(config)# ip audit name name info [action [alarm] [drop] [reset]]
Where alarm generates a system message showing that a packet matched a signature, drop drops the
packet, and reset drops the packet and closes the connection. If you do not define an action, then the
default action is to generate an alarm.
Step2 To define an IP audit policy for attack signatures, enter the following command:
hostname(config)# ip audit name name attack [action [alarm] [drop] [reset]]
Where alarm generates a system message showing that a packet matched a signature, drop drops the
packet, and reset drops the packet and closes the connection. If you do not define an action, then the
default action is to generate an alarm.
Step3 To assign the policy to an interface, enter the following command:
ip audit interface interface_name policy_name
Step4 To disable signatures, or for more information about signatures, see the ip audit signature command in
the command reference.