Cisco Systems ASA 5585-X Manual De Usuario

28-3

Cisco ASA Series Firewall CLI Configuration Guide

Chapter 28 Using Protection Tools

Configuring IP Audit for Basic IPS Support

The IP audit feature provides basic IPS support for the ASA that does not have an AIP SSM. It supports
a basic list of signatures, and you can configure the ASA to perform one or more actions on traffic that
matches a signature.

This section includes the following topics:

•

Configuring IP Audit, page 28-3

•

IP Audit Signature List, page 28-4

Configuring IP Audit

To enable IP audit, perform the following steps:

Step 1

To define an IP audit policy for informational signatures, enter the following command:

ciscoasa(config)# ip audit name name info [action [alarm] [drop] [reset]]

Where alarm generates a system message showing that a packet matched a signature, drop drops the
packet, and reset drops the packet and closes the connection. If you do not define an action, then the
default action is to generate an alarm.

Step 2

To define an IP audit policy for attack signatures, enter the following command:

ciscoasa(config)# ip audit name name attack [action [alarm] [drop] [reset]]

Step 3

To assign the policy to an interface, enter the following command:

ip audit interface

interface_name policy_name

Step 4

To disable signatures, or for more information about signatures, see the ip audit signature command in
the command reference.