IPS Signature problem

I'm running into a problem with setting up IPS, and was hoping someone here had some words of wisdom.
I'm using a 7200 platform, virtualized using GNS3. Im running a 12.4(15)T image, and for some reason it's not recogizing my signatures. After finishing the SDM IPS wizard, the only signatures loaded are the 3 default sigs: 5000-0, 5000-1, and 5000-2.
The sig file is IOS-S400-CLI.pkg. I'm suspecting that this is of the old format, and won't compile onto the newer IOS images. Can anyone confirm this? I tried with SDM and CLI, but no luck. When I switched to a 12.4(4)T, everything went fine, but with using an earlier image the wizard obviously didn't match what was shown in the lab. If this file won't work, which ones will?
'preciate the help.

Find more posts tagged with

Comments

mikem2te

ian g wrote: »

I'm running into a problem with setting up IPS, and was hoping someone here had some words of wisdom.
I'm using a 7200 platform, virtualized using GNS3. Im running a 12.4(15)T image, and for some reason it's not recogizing my signatures. After finishing the SDM IPS wizard, the only signatures loaded are the 3 default sigs: 5000-0, 5000-1, and 5000-2.
The sig file is IOS-S400-CLI.pkg. I'm suspecting that this is of the old format, and won't compile onto the newer IOS images. Can anyone confirm this? I tried with SDM and CLI, but no luck. When I switched to a 12.4(4)T, everything went fine, but with using an earlier image the wizard obviously didn't match what was shown in the lab. If this file won't work, which ones will?
'preciate the help.

I believe files in the format IOS-S400-CLI.pkg are the newer version 5 files for IOS versions [FONT=&quot]12.4(11)T or later, although another doc I read said 12.4(15)T. Curious what you are seeing. I never had problems loading one of these files into a 12.4(24)T & 12.4(15)T but I had to jump through hoops to finish the SDM wizard as SDM uses version 4 files - I needed to copy the pkg file to the routers flash manually and load it from there.

Found these-
Getting Started with IOS IPS with 5.x Format Signatures ? A Step-by-Step Guide [Cisco IOS Intrusion Prevention System (IPS)] - Cisco Systems

Migrating Cisco IPS Ver 4.x Signature Format to Ver 5.x for Cisco IOS IPS [Cisco IOS Intrusion Prevention System (IPS)] - Cisco Systems
[/FONT]

ian g

It just gets wierder: I got another .pkg file from school and this unpacked nicely. It took quite a while as there were a lot more signatures than in the previous package. SDM home page shows 2721 total, 1075 enabled and 323 compiled. IPS status shows the signature id's, description etc.However..... When I go to configure > IPS > Signatures, I get a warning box pop up: 'SDM is unable to get signature details from the router. This might be due to issues in the IOS image that you are using.'
Curious indeed!
I know I should not get transfixed on this, and move on with my studies, but I just want to figure it out. Any ideas?
Model Type: 7206VXR, IOS version 12.4(15)T1. The location for the signatures is at disk0:/ipsdir.

locked

Can anyone provide me a link to download a signature file?? Please....