https://community.cisco.com/t5/network-security/aip-ssm-configuration-blocking-smtp/m-p/914735#M85055 <HTML><HEAD></HEAD><BODY><P>You may need to create an access-list permitting all traffic, and then apply the access-list to both interfaces in both directions (in and out).</P><P>This will ensure connections can go from the lower security zone to the higher as well as from the higher security zone to the lower.</P><P></P><P>You may also need to add icmp permit lines to permit icmp traffic through each interface.</P></BODY></HTML> Tue, 18 Dec 2007 16:55:03 GMT marcabal 2007-12-18T16:55:03Z https://community.cisco.com/t5/network-security/aip-ssm-configuration-blocking-smtp/m-p/914734#M85050 <P>Hi all,</P><P></P><P> I need some help regarding a deployment of a IPS module on a ASA. I configured it in transparent mode, with the intention to only monitor the traffic going through the module. Otherwise after aplying the policy and put it in operation, it started blocking SMTP and ICMP traffic. Here follows the configuration applied to it:</P><P></P><P>class-map outside-class</P><P> match any</P><P></P><P>policy-map outside-policy</P><P> class outside-class</P><P> ips promiscuous fail-open</P><P>!</P><P>service-policy outside-policy interface outside</P><P></P><P>Is there anything else I should consider to put this module just monitoring the traffic instead of having it denying any traffic?</P><P></P><P>Thanks in Advance</P><P></P><P></P> Sun, 10 Mar 2019 10:54:43 GMT https://community.cisco.com/t5/network-security/aip-ssm-configuration-blocking-smtp/m-p/914734#M85050 carlos.allevato 2019-03-10T10:54:43Z https://community.cisco.com/t5/network-security/aip-ssm-configuration-blocking-smtp/m-p/914735#M85055 <HTML><HEAD></HEAD><BODY><P>You may need to create an access-list permitting all traffic, and then apply the access-list to both interfaces in both directions (in and out).</P><P>This will ensure connections can go from the lower security zone to the higher as well as from the higher security zone to the lower.</P><P></P><P>You may also need to add icmp permit lines to permit icmp traffic through each interface.</P></BODY></HTML> Tue, 18 Dec 2007 16:55:03 GMT https://community.cisco.com/t5/network-security/aip-ssm-configuration-blocking-smtp/m-p/914735#M85055 marcabal 2007-12-18T16:55:03Z https://community.cisco.com/t5/network-security/aip-ssm-configuration-blocking-smtp/m-p/914736#M85060 <HTML><HEAD></HEAD><BODY><P>Thanks Marcabal for your reply. I'll proceed with the changes and let you know about the results. </P></BODY></HTML> Tue, 18 Dec 2007 17:15:39 GMT https://community.cisco.com/t5/network-security/aip-ssm-configuration-blocking-smtp/m-p/914736#M85060 carlos.allevato 2007-12-18T17:15:39Z