CISCO IPS 4255

r.barba
Level 1

Hi Friend

I have a Cisco IPS 4255, and I put in all the upgrades that Cisco recommends. So, I set the ARES signature with TCP RESET as the action, but ARES is working without a problem, and I need to stop this traffic. How can I stop the ARES P2P traffic?

I will wait for your answer.

Regards

Rafael Barba

6 Replies

rhermes
Level 7

Is your sensor in-line or sniffing in promiscuous mode? If it is in-line then you can drop the packets instead of sending a TCP Reset. If your sensor is promiscuous, then you need a method of transmitting those resets back into the traffic stream.

Hi friend, thank you for your answer. My sensor is in in-line mode, and I have configured the signature with both actions.

TCP reset and deny inline packet? Should I change the action to another? Please tell me which one.

Regards

Rafael Barba

If your sensor is physically in-line then you only need to drop. Are your ARES signatures firing?

Check your alert log with "show event alert past 01:00" to see the past 1 hour of signature alerts.

Hi friend.

Thank you for your answer. You know, the ARES signatures are not firing, and I do not know why. I am sending 2 pictures: ipslog1.jpg (my signature configuration) and ipslog2.jpg (the action configuration). What must I do in order to fix this issue?

Regards

Rafael Barba

Hi friend.

Do you have any answer about how I can block ARES with the IPS 4255? I sent you my signature configuration, but I did not receive anything. Could you help me?

Regards

Rafael Barba

Check to see if your ARES is triggering that IPS signature.