<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic TCP Reset is not working in promiscuous mode for http service in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/tcp-reset-is-not-working-in-promiscuous-mode-for-http-service/m-p/1627975#M65822</link>
    <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I have configured IDSM-2 in promiscuous mode using VACLs. I have verified that the configuration is correct; IDSM-2 is capturing all the traffic from the specified VLANs. The issue is that when I want to block a website, let's suppose "facebook", for a particular user, and add the action "Reset TCP Connection" to the HTTP service signature, it does not work. The user can still open the site, although I can see that the signature is triggered in the real-time events (IDMS logs), and it also shows the action performed against this attack, but it is not resetting the TCP connection. Kindly advise.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks,&lt;/P&gt;&lt;P&gt;Aman&lt;/P&gt;</description>
    <pubDate>Sun, 10 Mar 2019 12:14:08 GMT</pubDate>
    <dc:creator>Shaikh Aman Uddin</dc:creator>
    <dc:date>2019-03-10T12:14:08Z</dc:date>
    <item>
      <title>TCP Reset is not working in promiscuous mode for http service</title>
      <link>https://community.cisco.com/t5/network-security/tcp-reset-is-not-working-in-promiscuous-mode-for-http-service/m-p/1627975#M65822</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I have configured IDSM-2 in promiscuous mode using VACLs. I have verified that the configuration is correct; IDSM-2 is capturing all the traffic from the specified VLANs. The issue is that when I want to block a website, let's suppose "facebook", for a particular user, and add the action "Reset TCP Connection" to the HTTP service signature, it does not work. The user can still open the site, although I can see that the signature is triggered in the real-time events (IDMS logs), and it also shows the action performed against this attack, but it is not resetting the TCP connection. Kindly advise.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks,&lt;/P&gt;&lt;P&gt;Aman&lt;/P&gt;</description>
      <pubDate>Sun, 10 Mar 2019 12:14:08 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/tcp-reset-is-not-working-in-promiscuous-mode-for-http-service/m-p/1627975#M65822</guid>
      <dc:creator>Shaikh Aman Uddin</dc:creator>
      <dc:date>2019-03-10T12:14:08Z</dc:date>
    </item>
    <item>
      <title>Re: TCP Reset is not working in promiscuous mode for http service</title>
      <link>https://community.cisco.com/t5/network-security/tcp-reset-is-not-working-in-promiscuous-mode-for-http-service/m-p/1627976#M65826</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hello Aman,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Can you please do a SPAN capture, using as the source VLAN the VLAN that the RST should go out on, and see whether the RST appears in the capture? If the RST does not appear in the capture, work your way back to the IPS and do a capture directly on the blade to see whether the RST is egressing the IPS.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thank you,&lt;/P&gt;&lt;P&gt;Blayne&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Sent from Cisco Technical Support iPhone App&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Sun, 16 Jan 2011 00:41:41 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/tcp-reset-is-not-working-in-promiscuous-mode-for-http-service/m-p/1627976#M65826</guid>
      <dc:creator>Christopher Dreier</dc:creator>
      <dc:date>2011-01-16T00:41:41Z</dc:date>
    </item>
  </channel>
</rss>

