08-30-2012 02:37 PM - edited 03-10-2019 05:45 AM
I'm having issues where the IDSM-2 is blocking internal users from accessing the internet. When I run a report, I see TCP OVERWRITE errors on the PAT'd address of the firewall (FWSM). I have to reboot the IDSM-2 to get it working again... I'm running the IDSM-2 "inline".
Cisco is telling me that I should put the IDSM-2 behind the firewall but isn't that allowing bad traffic to hit the firewall?
Sent from Cisco Technical Support iPad App
08-31-2012 07:59 PM
Ideally IPS should be behind the firewall, but depeds on your deployment scenario.
What kind of signature do you see firing on IDSM-2 ?
(Check via "show stats virtual-sensor")
http://www.cisco.com/en/US/docs/security/asa/quick_start/ips/ips_qsg.html
"Traffic goes through the firewall checks before being forwarded to the IPS module."
Regards,
Sawan Gupta
09-01-2012 10:18 AM
TCP Overwrite signature 1300/0
Sent from Cisco Technical Support iPad App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide