Cisco IOS IPS in Cisco 2921/k9 router

Similar Messages

• Cisco IOS IPS - How to manage signatures?

  Hello everyone,
  I'd like to efficiently tune signatures in IOS IPS on one router, a 1941. Available options I found are:
  CLI: not efficient to tune a group of signatures (example: Windows OS)
  CCP 2.7 (Windows GUI): best tool I know, but not efficient, since:
  a bit bugged (sometimes won't work on some computers)
  needs IE9 to work fine, thus excluding its use on W8/W8.1
  turnaround to use onIE10/IE11 won't always work (one computer refuses to keep compatibility view settings, for example)
  not able to efficiently sort signatures, using several criteria (main drawback)
  not able to exclude sets of signatures - like compile failed signatures
  CCP 2.8: only available in express version. I installed it, but did not see a tab about signature tuning ...
  Cisco Security Manager is complete overkill, since it needs a license and a server. Not simple to tune IPS on only one router ;-)
  IPS Manager Express: seems a nice tool, but mainly designed for IPS sensors and firewalls, and not able to tune signatures for a router.
  So, if one of you has an idea about a tool, whether Cisco or 3rd party, running preferably on Windows, it is very velcome!
  Thanks!

  Hello Will,
  I have only played with the CLI and with that I was able to selective enable the signatures I wanted (even using the sub-id intentifier), changed the action,compile the ones required, etc.
  If this is what you are looking for when refering to tune signatures CLI will be fine, if more than that is needed well you have all of the software that you could use.
  No other software available
  Looking for some Networking Assistance? 
  Contact me directly at [email protected]
  I will fix your problem ASAP.
  Cheers,
  Julio Carvajal Segura
  http://laguiadelnetworking.com

• Cisco IOS IPS on 2811

  Hi,
  Is it possible to install NM-CIDS-K9 Intrusion module on a Cisco 2811 and run IPS 5.0 on it ? i.e. with similar functionality to a IPS 4200 series appliance.
  From what i understand that you can do the above but the module will only work as IDS and not as in-line IPS (ability to drop packets etc) ?
  Are there any routers that can have a Network module running in IPS mode to provide the same functionality as IPS appliance (4200 etc) ?
  Is it correct that IOS IPS is only a fraction of the appliance based IPS ?
  Regards \\ Naman

  I am not really sure if there are any routers that can have a Network module running in IPS mode to provide the same functionality as IPS appliance as such, but the module will only work as IDS and not as in-line IPS

• Cisco IOS IPS ?

  Hi,
  I am currently studying CCSP SNRS by Greg Bastien. I have the following Lab scenario and would like clarification on what I am seeing. I want to verify that my IPS setup is working, so I have run 'angry ip' port/ip address scan at the router. When I use 'sh ip ips statistics' I see 'signature 3051:1 packets checked: [0:1]' which translates to 'TCP Connection Window Size DoS ATOMIC.TCP'.
  Is this signature 3051 an indication that the router has seen the IP scan ? and considered this a reconnassaince attack. Are there any other ways of verifying the attack ?

  Hi,
  If you see signature alert messages, then it means there is a match and IPS fires an alert message which is the default setting of a signatures.
  In your case, it only means that the 3051:1 signature saw one packet matching, so it just recorded the information. For this signature to fire (which means for ips to identify an attack, it has to check other parameters as well).
  If you look into the details of the definition of this signature, it has a global summary threshold and summary interval settings. Which means the ips has to see this signature match within the summary interval for the number of times defined in the summary threshold, then it will validate a signature match, thus send alarm and perform actions defined in the signature.
  So in your case, it just shows there is a packet matching this signature. You might be able to find more detailed information if you run a sniffer and capture your "angry ip' traffic sent to the router.
  Thanks,
  -Chris

• Correct procedure to update IOS IPS signatures on 2911 router

  What is the correct procedure to update the IOS IPS signatures on an 2911 router?
  I know how to download the signatures file (eg. IOS-S556-CLI.pkg) but what is the correct way to install the update?
  Thank you in advance!

  The IPS signature package comes with a list of pre-enabled signatures, hence Cisco does not recommend enabling a lot more other signatures, especially not every single signature as documented.
  The reason why is because the package might include retired/old signatures only for references, and not every single signature is required to protect your environment because you might not have the traffic for some signatures, you might not have some end hosts that are written with specific signatures, therefore, it becomes irrelevant if you enable it.
  Typically here is how customer would enable/disable signatures:
  - Use the default signature that is enabled by Cisco (the default should fit majority of the customers).
  - Monitor it for a couple of months
  - Disable those that you don't need, and enable others if you think you require it for specific.

• IOS IPS/IDS on a BGP Peering Router?

  We have a pair of BP peerings between our network and our upstream service provider.  Since the peering points are geographically distributed and we run a "cold potato" routing policy on our network we cannot guarantee symmetric routing for traffic exchanged with our upstream service provider.
  Yesterday we followed the bouncing ball through the IPS/IDS setup documentation on a Cisco 2901 running 15.2(4)M3 and acting as a BGP speaking peering router at one of our peering points.  Immediately the router started throwing %IPS-6-SEND_TCP_PAK and %IPS-6-TIMEOUT_EVENT messages in the logs.  We also observed that some upstream service provider web sites became inaccessible to our users.  Turning off IPS/IDS on the 2901 restored connectivity for our users to those web sites.
  Three questions:
  Do the default Cisco IOS IPS/IDS rules assume that the router will see both sides of each TCP session?
  Does the Cisco IOS IPS/IDS TCP stream reassembly assume an attack and send TCP RST frames when it doesn't see both sides of a TCP session?
  Should we move the Cisco IPS/IDS functionality from the BGP-speaking routers at peering points to our customer sites, as the customer sites are the only places in our network guaranteed to see both sides of a given TCP session?  (We already perform NAT on the customer site routers for that reason.)

  Hello Bill,
  1) Yes, there are some normalizer functions on some IOS-IPS signatures that will behave like that with this scenarios (Asymetric routing not something good to any kind of security device)
  2) Yes, it will close the connections, I will definetly need to look for specific actions regarding that but you could just check the IOS IPS Signature statistics  on your router , see which is the one triggering the most and then see the action configured for it (and change it if required)
  3) If you cannot change that behavior then it would be safe to tell the router is not a good place to set an IPS or any other kind of firewall configuration unless you set with a weaker security policy (useless from a security standard point of view)
  Check my blog at http:laguiadelnetworking.com for further information.
  Cheers,
  Julio Carvajal Segura

• IOS IPS auto-update

  Hi,
  I have a couple of questions I hope people could answer:
  1) What recommendations/options are available for downloading signature files to a HTTP/TFTP server prior to having the IOS IPS device pull them from the server?  Is their a way to automate the HTTP/TFTP server downloading the signatures? (Cron job or such)
  2) Does the signature file name change each time a new signature file is released? If it does, would I have to go back to the router to update the URL string that is configured in the ip ips auto-update section? I would hate to have to update 200 CPE devices each time a new signature file is released.
  Hoping someone could answer these or help point me in the right direction to find the answer out.
  regards M

  I found this link with answers my one question.
  Cisco IOS Intrusion Prevention System (IPS)
  Tuning, Deploying and Updating Cisco IOS IPS Signature Sets For Multiple-Device Deployments
  http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/white_paper_c11_549300.html

• Problems with adding IOS IPS to IPS MC

  Hi,
  We are having problems in adding Cisco IOS IPS (Running on Cisco 1701,12.3(14)T2) into IPS-MC (Version: 2.1.0).
  The IPS MC is able to create the Trust Point on the Router and the Router is also able to download the IPS-MC certificate chain. However after that the process fails with the error
  ++++++++++++++++++++
  Import of sensor x.x.x.x failed.
  Error : Error importing configuration files from the sensor - Unable to import sensor config from IOS IPS: null
  ++++++++++++++++++++
  Any ideas ?
  Thanks \\ Naman

  I am having the same issue and open TAC case for several days..with 1841 and 2811's..same software and IOS
  It works with advipservices but not with advsecurity

• 1841 IOS IPS online updates

  Hi,
  Can we configure 1841 IOS IPS to get automatic signature updates directly from cisco site. I know we can do it in other firewalls like sonicwall, fortigate, etc.
  Regards
  Siva K

  Hi  Siva,
  Yes you can do it from the Cisco Security Manager , or you can try
  Automatic Signature Update Guidelines
  When enabling automatic signature updates, it is recommended that you ensure
  the following configuration guidelines have been met:
  * The router's clock is set up with the proper relative time.
  *The frequency for Cisco IOS IPS to obtain updated signature information has
  been defined.
  *The URL in which to retrieve the Cisco IOS IPS signature configuration files
  has been specified.
  *Optionally, the username and password for which to access the files from the
  server have been specified.
  SUMMARY STEPS
  1. enable
  2. configure terminal
  3. ip ips auto-update
  4. occur-at min:hour date day
  5. username name password password
  6. url url
  7. exit
  8. show ip ips auto-update
  http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_ips5_sig_fs_ue_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1079125
  regards
  Yesua

• Cisco IOS based IPS Services Licensing Query

  Hi Experts,
  We have a Cisco 3945 router at one of our location. Our requirement is to enable the IOS based IPS engine within in the router and would like to load new signature files from cisco website to the router. But i am not much familiar with the licensing part. show version and show ip ips license output has been attached for the reference. Following are my queries.
  1) Is this platform and IOS is capable for enabling IPS Engine?
  2) Is there any extra IPS Services Contract is required (other than the smartnet Coverage) for this router to enable IPS engine and to load new IPS Signature files from Cisco?
  Advanced Thanks and Regards,
  Sihanu N

  1) Is this platform and IOS is capable for enabling  IPS Engine?
  Yes, it is (3945 with a security IOS image will be able to do it)
  2)Is there any extra  IPS Services Contract is required (other than the smartnet Coverage) for this router to enable IPS engine and to load new IPS Signature files from Cisco?
  No, you are good to go.
  I will write a future articule about how to enable this feature on an IOS router so stay tune in my website at http:laguiadelnetworking.com for further information as I will cover all of the details,
  Cheers,
  Julio Carvajal Segura

• DHCP issue on Cisco IOS router

  Hi experts,
  I recently got complaints that some clients can't get IP address through the DHCP server configured on a Cisco IOS router. I turned on debugging on DHCP events and packets and I see the following logs.
  Mar 22 15:33:41: DHCPD: DHCPREQUEST received from client 0100.1b63.f246.8c.
  Mar 22 15:33:41: DHCPD: Finding a relay for client 0100.1b63.f246.8c on interface FastEthernet1/0.10.
  Mar 22 15:33:41: DHCPD: Seeing if there is an internally specified pool class:
  Mar 22 15:33:41:   DHCPD: htype 1 chaddr 001b.63f2.468c
  Mar 22 15:33:41:   DHCPD: remote id 020a0000cf6050011000000a
  Mar 22 15:33:41:   DHCPD: circuit id 00000000
  Mar 22 15:34:02: DHCPD: DHCPREQUEST received from client 0100.1b63.f246.8c.
  Mar 22 15:34:02: DHCPD: Finding a relay for client 0100.1b63.f246.8c on interface FastEthernet1/0.10.
  Mar 22 15:34:02: DHCPD: Seeing if there is an internally specified pool class:
  Mar 22 15:34:02:   DHCPD: htype 1 chaddr 001b.63f2.468c
  Mar 22 15:34:02:   DHCPD: remote id 020a0000cf6050011000000a
  Mar 22 15:34:02:   DHCPD: circuit id 00000000
  Then it will repeat and repeat for this MAC. Any reason why the router is not assigning an IP to it? It actually happens to some other MACs as well... They are from different vendors and located on different switches... I can't really find a pattern for this problem... The DHCP pool hasn't run out and it still has available IPs in it.
  Thanks

  Hi Alain, thanks for quick reply. The followings contain the output that you required. I hided the prefix of the IP with a.b.c. Thanks!
  interface FastEthernet1/0.10
  description : DHCP for EXHIBITION VLAN
  encapsulation dot1Q 10
  ip address a.b.c.1 255.255.255.128
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  end
  r#sh ip dhcp pool
  Pool EXHIBIT :
  Utilization mark (high/low)    : 100 / 0
  Subnet size (first/next)       : 0 / 0
  Total addresses                : 126
  Leased addresses               : 47
  Pending event                  : none
  1 subnet is currently in the pool :
  Current index        IP address range                    Leased addresses
  a.b.c.118        a.b.c.1      - a.b.c.126     47
  #sh run | in/be dhcp
  no ip dhcp use vrf connected
  ip dhcp excluded-address a.b.c.1 a.b.c.11
  ip dhcp excluded-address a.b.c.126
  ip dhcp excluded-address a.b.c.100 a.b.c.101
  ip dhcp excluded-address a.b.c.51
  ip dhcp pool EXHIBIT
     network a.b.c.0 255.255.255.128
     default-router a.b.c.1
     dns-server 207.172.3.8 207.172.3.9
     domain-name xyz.com
  #sh ip dhcp binding
  Bindings from all pools not associated with VRF:
  IP address          Client-ID/              Lease expiration        Type
                      Hardware address/
                      User name
  a.b.c.19        0168.7f74.6260.9b       Mar 23 2011 01:56 PM    Automatic
  a.b.c.52        0100.4854.897d.17       Mar 23 2011 12:53 PM    Automatic
  a.b.c.56        0100.4063.e7b5.b2       Mar 23 2011 03:33 PM    Automatic
  a.b.c.57        0100.1b63.f246.8c       Mar 23 2011 03:34 PM    Automatic
  a.b.c.68        015c.5948.0b97.d6       Mar 22 2011 05:59 PM    Automatic
  a.b.c.69        0168.7f74.626d.67       Mar 23 2011 07:07 AM    Automatic
  a.b.c.70        0198.fc11.5027.1d       Mar 22 2011 07:04 PM    Automatic
  a.b.c.71        01dc.2b61.04ba.af       Mar 22 2011 10:26 PM    Automatic
  a.b.c.72        017c.c537.58e6.64       Mar 22 2011 08:37 PM    Automatic
  a.b.c.73        017c.6d62.3303.57       Mar 23 2011 03:54 AM    Automatic
  a.b.c.74        0124.ab81.cda4.68       Mar 23 2011 05:01 AM    Automatic
  a.b.c.75        0100.1e52.8f11.a5       Mar 23 2011 02:47 PM    Automatic
  a.b.c.76        0100.264a.5fc8.e3       Mar 23 2011 07:13 AM    Automatic
  a.b.c.77        017c.6d62.38cd.40       Mar 23 2011 02:06 PM    Automatic
  a.b.c.78        0100.1d4f.f647.79       Mar 23 2011 02:37 PM    Automatic
  a.b.c.79        0100.26b0.8637.3d       Mar 23 2011 01:16 PM    Automatic
  a.b.c.81        0130.694b.e9de.82       Mar 23 2011 03:19 PM    Automatic
  a.b.c.82        0100.21e9.6864.80       Mar 23 2011 12:04 PM    Automatic
  a.b.c.83        0124.ab81.63e6.b5       Mar 23 2011 09:38 AM    Automatic
  a.b.c.84        0100.16b6.0455.c2       Mar 23 2011 09:42 AM    Automatic
  a.b.c.85        0100.1302.4c96.9e       Mar 23 2011 09:49 AM    Automatic
  a.b.c.86        0140.a6d9.741c.e0       Mar 23 2011 12:12 PM    Automatic
  a.b.c.87        0100.264a.b8e9.50       Mar 23 2011 10:16 AM    Automatic
  a.b.c.88        0140.a6d9.4911.67       Mar 23 2011 03:19 PM    Automatic
  a.b.c.89        013c.7437.1e32.96       Mar 23 2011 10:27 AM    Automatic
  a.b.c.90        01d8.3062.689c.4b       Mar 23 2011 11:55 AM    Automatic
  a.b.c.91        0158.946b.4df8.bc       Mar 23 2011 10:49 AM    Automatic
  a.b.c.92        0100.2215.7368.26       Mar 23 2011 10:23 AM    Automatic
  a.b.c.93        0100.23df.76ea.90       Mar 23 2011 02:33 PM    Automatic
  a.b.c.94        0124.ab81.708d.83       Mar 23 2011 03:58 PM    Automatic
  a.b.c.95        0100.1cb3.163d.5a       Mar 23 2011 03:13 PM    Automatic
  a.b.c.96        01cc.08e0.2aeb.96       Mar 23 2011 01:27 PM    Automatic
  a.b.c.97        0188.c663.d0d0.55       Mar 23 2011 01:57 PM    Automatic
  a.b.c.98        0100.1b77.08bb.89       Mar 23 2011 01:15 PM    Automatic
  a.b.c.99        0100.1ec2.47d7.19       Mar 23 2011 12:43 PM    Automatic
  a.b.c.102       0100.1310.8e74.78       Mar 23 2011 12:41 PM    Automatic
  a.b.c.103       0100.24d6.58b0.82       Mar 23 2011 01:44 PM    Automatic
  a.b.c.104       0100.2608.7df2.68       Mar 23 2011 03:23 PM    Automatic
  a.b.c.106       01c8.bcc8.1a86.41       Mar 23 2011 03:56 PM    Automatic
  a.b.c.107       01a4.6706.1e54.94       Mar 23 2011 04:08 PM    Automatic
  a.b.c.108       017c.c537.46ac.0e       Mar 23 2011 02:41 PM    Automatic
  a.b.c.111       0100.037f.0ea2.19       Mar 23 2011 02:47 PM    Automatic
  a.b.c.112       01d8.3062.75c5.9c       Mar 23 2011 03:33 PM    Automatic
  a.b.c.113       0021.9116.449e          Mar 23 2011 03:36 PM    Automatic
  a.b.c.114       0100.1ff3.46d9.a9       Mar 23 2011 03:40 PM    Automatic
  a.b.c.116       0104.1e64.4a0d.a3       Mar 23 2011 04:21 PM    Automatic
  a.b.c.117       0190.27e4.4ae8.94       Mar 23 2011 04:24 PM    Automatic
  Thanks!

• Cisco IOS Router to PIX VPN Issues

  Hi Everyone,
  I have a small issue here which someone may be able to shed some light on.
  I have a Cisco IOS router which is terminating a site-to-site VPN connection on the dialer interface. The PIX on the other end is behind a NAT router. The tunnel is being established and one subnet is able to see another when the tunnel is up. The thing we are having an issue is both networks on each side of the VPN contain multiple subnets and i cannot connect to all the subnets over the same tunnel.
  Any ideas.

  Yes all this is setup.
  I have just found out that Cisco IOS can only make connections from 1 network per crypt map unless multiple connections are made from server to host. This is quite disturbing because i have not seen this in any documentation.
  Does anyone know of IOS to PIX IPsec with multiple subnets on each side of the network.

• SSLVPN with iPhone Anyconnect and Cisco IOS Router, Certificate Authentication failed

  Hello,
  i have a problem regarding the authentication with a certificate from the iPhone Anyconnect 2.5 Client to a 1802 Cisco Router.
  Cisco 1802 Router:
  Cisco IOS Software, C180X Software (C180X-ADVENTERPRISEK9-M), Version 15.1(1)T, RELEASE SOFTWARE (fc1)
  First i configured SSLVPN with username and password, in this configuration the Anyconnect Client of my iPhone works.
  then i enrolled a certificate from my Windows 2008 R2 CA to the Router with the Attributes: Server Authentication and IPSEC
  and i enrolled a certificate for my iPhone with Client Authentication and IPSEC
  after a bunch of time ( i realy could not find a really good documentation on how to do this) i got it done, in the webvpn context configuration i made this changes here:
  no aaa authentication list default
  authentication certificate
  ca trustpoint CA
  as the "SSL VPN Configuration Guide, Cisco IOS Release 15.1M&T" says: if i want only certificate authentication i had to user the "authentication certificate" command and thats it.
  as i look into the debugs it seems to me that the Router accepts the certificate of the iPhone, but then i receive a window on the iphone that wants an additional username and password authentication, and no matter what i enter there's always the same dialog coming back..
  any ideas what the problem could be???
  here is the configuration:
  webvpn gateway WEBVPN_GW_OFFICE2
  ip interface Dialer0 port 1444
  ssl trustpoint CA
  inservice
  webvpn install svc flash:/webvpn/sslclient-win-1.1.4.179.pkg sequence 1
  webvpn install svc flash:/webvpn/anyconnect-win-3.0.4235-k9.pkg sequence 2
  webvpn install svc flash:/webvpn/anyconnect-dart-win-2.5.3055-k9.pkg sequence 3
  webvpn context WEBVPN_CONTEXT2
  secondary-color white
  title-color #669999
  text-color black
  ssl authenticate verify all
  policy group WEBVPN_POLICY2
     functions svc-enabled
     mask-urls
     svc address-pool "SSLVPN_OFFICE1"
     svc default-domain "domain.internal"
     svc keep-client-installed
     svc split include 192.168.0.0 255.255.0.0
     svc dns-server primary 192.168.53.33
     svc dns-server secondary 192.168.53.35
  virtual-template 3
  default-group-policy WEBVPN_POLICY2
  gateway WEBVPN_GW_OFFICE2
  authentication certificate
  ca trustpoint CA
  inservice
  here is the debug:
  OfficeRouter1# PASSING appctx is [0x89FAFFCC]
  Nov 19 22:39:53.507: WV: sslvpn process rcvd context queue event
  Nov 19 22:39:53.507: WV: sslvpn process rcvd context queue event
  Nov 19 22:39:53.607: WV: sslvpn process rcvd context queue event
  Nov 19 22:39:53.607: WV: Entering APPL with Context: 0x86529380,
        Data buffer(buffer: 0x86543A40, data: 0x15A07AB8, len: 469,
        offset: 0, domain: 0)
  Nov 19 22:39:53.607: WV: http request: / with no cookie
  Nov 19 22:39:53.607: WV: validated_tp : CA cert_username :  matched_ctx :
  Nov 19 22:39:53.607: WV: Received appinfo
  validated_tp : CA, matched_ctx : ,cert_username :
  Nov 19 22:39:53.607: WV: Trustpoint match successful
  Nov 19 22:39:53.607: WV: Extracted username:  pass: ?
  Nov 19 22:39:53.607: WV: Client side Chunk data written..
  buffer=0x86543640 total_len=661 bytes=661 tcb=0x8811FE60
  Nov 19 22:39:53.607: WV: Appl. processing Failed : 2
  Nov 19 22:39:53.607: WV: sslvpn process rcvd context queue event
  BueroRouter1# PASSING appctx is [0x89FAEEC4]
  Nov 19 22:40:24.028: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:24.032: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:24.132: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:24.132: WV: Entering APPL with Context: 0x86529380,
        Data buffer(buffer: 0x86543A40, data: 0x160C4038, len: 469,
        offset: 0, domain: 0)
  Nov 19 22:40:24.132: WV: http request: / with no cookie
  Nov 19 22:40:24.132: WV: validated_tp : CA cert_username :  matched_ctx :
  Nov 19 22:40:24.132: WV: Received appinfo
  validated_tp : CA, matched_ctx : ,cert_username :
  Nov 19 22:40:24.132: WV: Trustpoint match successful
  Nov 19 22:40:24.132: WV: Extracted username:  pass: ?
  Nov 19 22:40:24.132: WV: Client side Chunk data written..
  buffer=0x86543640 total_len=661 bytes=661 tcb=0x88D11EEC
  Nov 19 22:40:24.136: WV: Appl. processing Failed : 2
  Nov 19 22:40:24.136: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:39.764: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:39.880: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:39.892: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:39.892: WV: Entering APPL with Context: 0x86529380,
        Data buffer(buffer: 0x86543A40, data: 0x1616FD38, len: 610,
        offset: 0, domain: 0)
  Nov 19 22:40:39.892: WV: http request: /webvpn.html with domain cookie
  Nov 19 22:40:39.892: WV: validated_tp :  cert_username :  matched_ctx :
  Nov 19 22:40:39.892: WV: Received appinfo
  validated_tp : CA, matched_ctx : ,cert_username :
  Nov 19 22:40:39.892: WV: Trustpoint match successful
  Nov 19 22:40:39.892: WV: Client side Chunk data written..
  buffer=0x86543640 total_len=607 bytes=607 tcb=0x88D11EEC
  Nov 19 22:40:39.892: WV: Appl. processing Failed : 2
  Nov 19 22:40:39.892: WV: sslvpn process rcvd context queue event

  http://www.cisco.com/en/US/products/ps8411/products_qanda_item09186a00809aec31.shtml
  HI,
  Refer to
  AnyConnect VPN Client FAQ
  Q. Is it possible to connect the iPad, iPod, or iPhone AnyConnect VPN Client to a Cisco IOS router?
  A. No. It is not possible to connect  the iPad, iPod, or iPhone AnyConnect VPN Client to a Cisco IOS router.  AnyConnect on iPad/iPhone can connect only to an ASA that runs version  8.0(3).1 or later. Cisco IOS is not supported by the AnyConnect VPN  Client for Apple iOS. For more information, refer to the Security Appliances and Software Supported section of the Release Notes for Cisco AnyConnect Secure Mobility Client 2.4, Apple iOS 4.2 and 4.3.

• Basic questions about CISCO IOS

  Hi everybody, Jack here,
  I have some basic questions about the Cisco IOS, could someone help me addressing some of them please? Any feedback would be greatly appreciated.
  Basically, I have two IP addresses assigned by our Cable ISP. From what I understood you can configure a Cisco router for multiple IP addresses using the IOS, thereby allowing someone like myself to take advantage of having multiple IP addresses. This may seem unnecessary to some, but I've always wanted to put the 2nd IP address to use, since after all, I've been paying for it.
  I was just wondering if someone could confirm that what I'm hoping to accomplish is indeed within the capability of the Cisco IOS (i.e. Fully utilize my 2 IP addresses). As well, if someone could kindly suggest a decent CISCO router for online gaming home use that would be super awesome!
  Thank you all so much for reading through the wall of text:)
  Jack

  Jack
  Certainly using multiple IP addresses is in the capability of Cisco IOS routers. How they can be used depends on the relationship of the IP addresses. I am assuming that we are talking about IP addresses assigned for the user to use and that the IP address for the ISP connection is not one of these that we are talking about.
  If both of the IP addresses that you have been assigned are within the same subnet then you would assign one of the addresses to the router interface to establish IP communication between the router and the ISP and to enable Internet connectivity for the devices inside your network that will use the router as their gateway to the Internet. The other address that is assigned can be used for address translation and in particular for static address translation which would make one of your devices inside to be reachable for connections initiated from the Internet (if that is something that you might want to do).
  If the addresses that are assigned to you are in different subnets then you could assign one address to the outside router interface and assign the other address to the router inside interface. Or you could use the second address for address translation.
  I do not have much expertise with online gaming, but I would think that either the Cisco 881 router or the 890 router might be appropriate for you. If 100 Mb connection is sufficient then probably the 881 would be the one to look at. If you need Gig connection then look at the 890.
  HTH
  Rick

• IOS IPS 3845 router

  The IOS IPS keeps failing. For some reason it sends the alerts to MARS and then all of a sudden the IPS is disabled on the interface. This config. was down through SDM.

  CS-MARS also integrates tightly with Cisco's premier security management suite, Cisco Security Manager (CSM). This tight integration maps traffic-related syslog messages to the firewall policies defined in CSM that triggered the event. Policy lookup enables rapid, round-trip analysis for troubleshooting firewall configuration-related network problems, policy configuration errors, and fine-tuning defined policies.
  http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_tech_notes_list.html