During creation of Cisco IOS IPS rules information about port numbers is lost making it impossible to work for many intrusion detection signatures.
vulners.com/securityvulns/securityvulns:doc:10090