Re: AIP-SSM 420002 - IPS requested to drop TCP packet from 'sour - Page 2

trustcisco · ‎10-05-2010

Hi guys,

I have an asa 5510 with aip-ssm installed. I have a DMZ with security level 90 where a web server is located.

When AIP-SSM is in inline mode i get the following message 4 Oct 05 2010 14:37:15 WEB 80 x.x.x.x 30115 IPS requested to drop TCP packet from WEB-DMZ:WEB/80 to OUTSIDE:x.x.x.x/30115

From what i can see the message apears many times with source interface the WEB-DMZ and destination either outside,inside or other dmz interface depending of who is requesting access to the web server.

The result is that the web server isnt accessible either from outside or inside.

The syslog id that i am getting is the 420002 but i didn't find any logical explation of why this id is triggered.

Any help ?

Thanks.

praprama · ‎10-08-2010

By the way, can you check if there are any "blocked hosts" or "blocked networks" on your IPS sensor? That could be a reason why you are not getting logs though the IPS is requesting packets to be dropped.

Thanks and Regards,

Prapanch

trustcisco · ‎10-08-2010

No i don't have any blocked hosts or networks, the sensor is working fine now without denying any traffic... :/ , although this is good news i do not understand why the other signatures are not show on the IPS Manager...

Thanks for your help Prapanch.

AIP-SSM 420002 - IPS requested to drop TCP packet from 'source' to 'destination'