10-05-2010 04:50 AM - edited 03-10-2019 05:08 AM
Hi guys,
I have an asa 5510 with aip-ssm installed. I have a DMZ with security level 90 where a web server is located.
When AIP-SSM is in inline mode i get the following message 4 Oct 05 2010 14:37:15 WEB 80 x.x.x.x 30115 IPS requested to drop TCP packet from WEB-DMZ:WEB/80 to OUTSIDE:x.x.x.x/30115
From what i can see the message apears many times with source interface the WEB-DMZ and destination either outside,inside or other dmz interface depending of who is requesting access to the web server.
The result is that the web server isnt accessible either from outside or inside.
The syslog id that i am getting is the 420002 but i didn't find any logical explation of why this id is triggered.
Any help ?
Thanks.
10-08-2010 05:19 PM
By the way, can you check if there are any "blocked hosts" or "blocked networks" on your IPS sensor? That could be a reason why you are not getting logs though the IPS is requesting packets to be dropped.
Thanks and Regards,
Prapanch
10-08-2010 11:39 PM
No i don't have any blocked hosts or networks, the sensor is working fine now without denying any traffic... :/ , although this is good news i do not understand why the other signatures are not show on the IPS Manager...
Thanks for your help Prapanch.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide