R3(config-sigdef-sig-engine)#event-action deny-packet-inlineĭo you want to accept these changes? R3(config-sigdef-sig-engine)#event-action produce-alert R3(config-sigdef-sig-status)#enabled true R3(config-sigdef-sig-status)#retired false
Use these commands to unretire, enable ICMP request signature, drop the packet, and produce an alert: SYSLOG functionality was enabled on SERVER to receive IPS alerts. In order to test, one thing was preconfigured: The IPS signature and sub-signature IDs for ICMP requests are 2004 and 0. We will consider the subnet 10.10.20.0/24 (the link between R3 and PC_2) as the internal network/secure network. The goal of the simulator is configure R3 to will allow ICMP traffic between PC and SERVER only if the PC initiate the ping. For instance, on the subnet 10.10.12.0/24, R2 has 10.10.12.2/24 and R1 has 10.10.12.1/24.Īll three routers are running OSPF in area 0, so the end host and the server will have connectivity between them. For instance, the loopback address of R3 is 1.1.1.3/32.Īlso, each subnet between the routers is written on the topology and every router uses its router number as the last octet. The default gateway of the PC is the router’s IP address.įor instance, the subnet with PC_2: PC_2 has the IP address of 10.10.20.100/24 and R3’s interface IP address is 10.10.20.1/24.Įach router has a loopback address in the form of 1.1.1.X/32, where X is the router number. 1 and last octet of the PC’s IP address is. Regarding the topology, on the subnets where a PC/SERVER is connected, the router’s interface has the IP address whose last octet is.
You can use this file to compare your configuration.
0 kommentar(er)
