Today I'm starting some IPS experiments on an ISR 1841.
 
The 1841 dials up using PPPoE.
Router#sh ver
Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(13b), RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Tue 24-Apr-07 13:45 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Router uptime is 1 hour, 58 minutes
System returned to ROM by reload at 12:41:42 UTC Sat May 5 2007
System image file is "flash:c1841-advsecurityk9-mz.124-13b.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 1841 (revision 6.0) with 115712K/15360K bytes of memory.
Processor board ID FHK1104F3LQ
2 FastEthernet interfaces
1 Serial(sync/async) interface
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
Router#
 
Router#sh run
Building configuration...
Current configuration : 1463 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
ip name-server 222.47.62.22
ip name-server 211.98.4.1
vpdn enable
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
 ip address 192.168.18.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 bandwidth 1024
 no ip address
 no ip redirects
 no ip proxy-arp
 encapsulation frame-relay IETF
 fair-queue
 clock rate 2000000
 frame-relay lmi-type ansi
 max-reserved-bandwidth 100
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip inspect test out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username ****** password 0 ******
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.1 23 134.248.10.*  23 extendable
!
access-list 1 permit any
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end
Router#
Configure IPS:
 
Router(config)#ip inspect name test  udp
Router(config)#access-list 101 permit udp any any
Router(config)#int dial 1
Router(config-if)#ip acce
Router(config-if)#ip access-group 101 in
Router(config-if)#end
Router#sh run int dial 1
Building configuration...
Current configuration : 272 bytes
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip access-group 101 in
 ip inspect test out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username ****** password 0 ******
end
 
Router#sh ip inspect sess
Established Sessions
 Session 632C4AC8 (192.168.18.219:4002)=>(219.133.49.169:8000) udp SIS_OPEN
 Session 632C5EC8 (192.168.18.219:6008)=>(58.61.164.191:8000) udp SIS_OPEN
Router#
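
Added example (not part of the original post): a small Python check over running-config text that flags an inbound ACL entry of the form "permit <proto> any any" on an interface whose outbound "ip inspect" rule already tracks that protocol. Because the inspection opens return paths dynamically, such an entry also admits unsolicited traffic. The function names and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: the CBAC-relevant lines of the running-config shown above.
SAMPLE = """\
ip inspect name test udp
interface Dialer1
 ip access-group 101 in
 ip inspect test out
 ip nat outside
!
access-list 101 permit udp any any
"""

def parse(config):
    """Collect inspect rules, extended ACL entries and per-interface bindings."""
    inspect, acls, ifaces, cur = {}, {}, {}, None
    for line in config.splitlines():
        s = line.strip()
        if not line.startswith(" "):
            cur = None  # an unindented line ends any interface block
        if m := re.match(r"ip inspect name (\S+)\s+(\S+)", s):
            inspect.setdefault(m[1], set()).add(m[2])
        elif m := re.match(r"access-list (\d+)\s+(permit|deny)\s+(\S+)\s+(.+)", s):
            acls.setdefault(m[1], []).append((m[2], m[3], m[4].split()))
        elif m := re.match(r"interface (\S+)", s):
            cur = ifaces.setdefault(m[1], {})
        elif cur is not None and (m := re.match(r"ip access-group (\S+) in$", s)):
            cur["acl_in"] = m[1]
        elif cur is not None and (m := re.match(r"ip inspect (\S+) out$", s)):
            cur["inspect_out"] = m[1]
    return inspect, acls, ifaces

def findings(config):
    """Return (interface, acl, protocol) for each inbound 'permit <proto> any any'
    whose protocol the outbound inspect rule on that interface already tracks."""
    inspect, acls, ifaces = parse(config)
    hits = []
    for name, bind in ifaces.items():
        tracked = inspect.get(bind.get("inspect_out"), set())
        if not tracked:
            continue  # no outbound inspection bound here, nothing to compare
        for action, proto, rest in acls.get(bind.get("acl_in"), []):
            if action == "permit" and rest == ["any", "any"] and proto in tracked | {"ip"}:
                hits.append((name, bind["acl_in"], proto))
    return hits

if __name__ == "__main__":
    print(findings(SAMPLE))
```

Replacing the ACL 101 entry with "deny ip any any" clears the finding, since replies to inspected outbound UDP sessions are still admitted by the inspection state.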