44-2
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 44 Configuring IOS IPS Routers
Understanding Cisco IOS IPS
For an overall understanding of the Cisco IOS IPS configuration process, see Overview of Cisco IOS
IPS Configuration, page 44-3.
This section contains the following topics:
Understanding IPS Subsystems and Support of IOS IPS Revisions, page 44-2
Cisco IOS IPS Signature Scanning with Lightweight Signatures, page 44-2
Router Configuration Files and Signature Event Action Processor (SEAP), page44-3
Cisco IOS IPS Limitations and Restrictions, page 44-3
Understanding IPS Subsystems and Support of IOS IPS Revisions
Cisco Security Manager automatically supports minor revisions of IOS IPS. To identify minor revisions
that are supported, the IPS subsystem version is needed.
The IPS subsystem version is a version number used to keep track of Cisco IOS IPS feature changes.
The subsystem number is show in the device properties (right-click the device and select Device
Properties). You can also use the command show subsys name ips at a command line on the router that
is running Cisco IOS IPS to show the detailed Cisco IOS IPS subsystem version. The 3.x subsystems are
equivalent to IPS 5.x. For a list of the supported subsystems by Cisco IOS Software release, see the
Supported Devices and Software Versions for Cisco Security Manager on Cisco.com for this release of
Security Manager.
An IPS subsystem version is minor if the version difference is limited at postfix. For example, a revision
from 3.0.1 to 3.0.2 is considered minor. For another example, 3.0.1 to 3.1.1 is also considered a minor
version change. However, minor revisions that include new features are not automatically supported by
Cisco Security Manager.
Cisco IOS IPS Signature Scanning with Lightweight Signatures
The addition of Cisco IOS IPS signature scanning with lightweight signatures in Cisco IOS Release
15.0(1)M is an enhancement to Cisco IOS IPS that allows loading of larger signatures sets, without
consuming significant additional memory or reducing the memory consumed by an existing signature
set, by loading equivalent lighter-weight signatures. These signatures are referred to as lightweight
signatures.
Security Manager can discover and tune custom signatures with LWEs on ISRs and modular access
routers. Security Manager supports the following features for signatures with LWEs on ISRs and
modular access routers:
New signature types
Signature categories
New default signature category recognition
New engine update levels
Licensing status—bypassed, expired, or not installed