Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
463
Views
0
Helpful
1
Replies

AIP SSM blocking CIsco VPN

tlpearson79
Level 1
Level 1

‎01-22-2009 08:43 AM - edited ‎03-10-2019 04:28 AM

Hello,

I recently turned on the AIP-SSM in our ASA 5540. It seems to be working fine, except for inside users are now unable to acquire a good VPN connection to another site.

They are using the Cisco VPN client. The client will connect for 1 or 2 minutes, and the connection provides sporadic access to resources on the other end. After about 2 minutes the VPN disconnects.

If I remove the service policy (passing ALL traffic through the IPS), the VPN works fine. Partial config...

class-map IPS

match any

policy-map IPS

class IPS

ips inline fail-open

service-policy IPS interface outside

Any quick ideas? Thank you.

Labels:
0 Helpful
1 Reply 1

rhermes
Level 7
Level 7

‎01-22-2009 12:18 PM

Your symptoms certainly sound like the IPS is dropping packets in your VPN connection.

Check your sensor event log with:

show event past 01:00

to see all events in the past hour, some alerts (sh event alert past 01:00) are supressed, depending on the signature settings. If you can determine which signature is responsible, you can disable the signature, or remove the drop action. Keep in mind that any signature with a high risk rating (80 or better?) gets dropped automaticly, reguardless of the action setting of that signature.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card