User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 44 Configuring IOS IPS Routers
Overview of Cisco IOS IPS Configuration
Configuring IOS IPS Interface Rules
Use the IPS Interface Rules policy to enable IPS inspection on Cisco IOS IPS routers and to specify the
interfaces that will be subject to IPS inspection. You can identify a subset of the traffic on the interface
that is subject to inspection by configuring an ACL and by specifying the traffic direction relative to the
interface.
Related Topics
Overview of Cisco IOS IPS Configuration, page 44-3
Understanding Cisco IOS IPS, page 44-1
Step 1 Do one of the following to open the Interface Rules policy you want to modify:
Table 44-1 General Settings Page (Continued)

Element: Description

Maximum Messages: The maximum number of SDEE messages that you want the router to store, in the range of 10-500. Storing more messages uses more router memory.
The default is 200.

IPS Config Location Properties

IPS Config Location: The location where the router will save IOS IPS specific configuration files. These configuration files are automatically updated every time the IOS IPS configuration is changed or updated from Security Manager. When the router reboots, the IOS IPS configuration is retrieved and restored from these configuration files.
To specify a location on the router, enter the name of the directory. The directory must already exist; Security Manager does not create it. For example, flash:ips.
Note: If the router has a LEFS-based file system, you will be unable to create a directory in router memory. In this case, flash: is used as the config location.
To specify a location on a remote system, specify the protocol and path of the URL needed to reach the location. For example, if you want to save the config files to an HTTP server, then enter http://172.27.108.5/ips-cfg.
Supported servers for saving the IOS IPS configuration files are: http://, https://, ftp://, rcp://, scp://, and tftp://.

Max retries: When storing configuration files on a remote system, how many times the router is to attempt to contact the remote system.
The default is 1.

Timeout seconds between retries: When storing configuration files on a remote system, how long the router is to wait before attempting to contact the configuration location again.
The default is 1.
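
The following is an added example, not part of the Cisco guide or of Security Manager: a review check over the Maximum Messages and IPS Config Location values described in the table above. Because the router restores its IOS IPS configuration from this location at reboot, the check flags remote locations reached over a scheme that does not protect the files in transit. The function name, the PROTECTED set, and the host backup.example are assumptions of this example.

```python
from urllib.parse import urlsplit

# Remote schemes the guide lists as supported for the IPS Config Location.
SUPPORTED = {"http", "https", "ftp", "rcp", "scp", "tftp"}
# Assumption of this example, not stated in the guide: only these two
# protect the configuration files in transit.
PROTECTED = {"https", "scp"}


def audit_general_settings(location, max_messages=200):
    """Return (severity, message) findings for one router's settings."""
    findings = []
    if not 10 <= max_messages <= 500:
        findings.append(("error", "Maximum Messages must be in the range 10-500"))
    if "://" in location:
        # Remote location: protocol and path of a URL.
        url = urlsplit(location)
        if url.scheme not in SUPPORTED:
            findings.append(("error", f"unsupported scheme {url.scheme}://"))
        elif url.scheme not in PROTECTED:
            findings.append(("warn", f"{url.scheme}:// sends IPS config files unprotected"))
        if not url.hostname:
            findings.append(("error", "remote location has no host"))
        if url.password:
            findings.append(("warn", "password embedded in the location URL"))
    else:
        # Local location: file system plus optional directory, e.g. flash:ips.
        filesystem, colon, directory = location.partition(":")
        if not (filesystem and colon):
            findings.append(("error", "local location needs a file system, e.g. flash:ips"))
        elif directory:
            # Security Manager does not create the directory.
            findings.append(("info", f"directory '{directory}' must already exist on {filesystem}:"))
    return findings


if __name__ == "__main__":
    # The first two values are the guide's own examples; the third is constructed.
    for loc in ("flash:ips", "http://172.27.108.5/ips-cfg", "scp://backup.example/ips-cfg"):
        print(loc, audit_general_settings(loc))
```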