Filter
Top Products
28-3
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 28 Using Protection Tools
Configuring IP Audit for Basic IPS Support
Configuring IP Audit for Basic IPS Support
The IP audit feature provides basic IPS support for the ASA that does not have an AIP SSM. It supports
a basic list of signatures, and you can configure the ASA to perform one or more actions on traffic that
matches a signature.
This section includes the following topics:
• Configuring IP Audit, page 28-3
• IP Audit Signature List, page 28-4
Configuring IP Audit
To enable IP audit, perform the following steps:
Step 1 To define an IP audit policy for informational signatures, enter the following command:
ciscoasa(config)# ip audit name name info [action [alarm] [drop] [reset]]
Where alarm generates a system message showing that a packet matched a signature, drop drops the
packet, and reset drops the packet and closes the connection. If you do not define an action, then the
default action is to generate an alarm.
Step 2 To define an IP audit policy for attack signatures, enter the following command:
ciscoasa(config)# ip audit name name attack [action [alarm] [drop] [reset]]
Where alarm generates a system message showing that a packet matched a signature, drop drops the
packet, and reset drops the packet and closes the connection. If you do not define an action, then the
default action is to generate an alarm.
Step 3 To assign the policy to an interface, enter the following command:
ip audit interface interface_name policy_name
Step 4 To disable signatures, or for more information about signatures, see the ip audit signature command in
the command reference.