Layer 4 http access issue IPS 4270-20

xs.gautam
Level 1

Hi there,

PFA,

We are facing an issue while accessing one of our servers in the DMZ, which is connected to a 2960 switch in the DMZ, from the inside segment of the ASA.

We have two IPS boxes which are connected as per the network diagram attached.

We are able to access that particular server in the DMZ when the Primary PIX is active and the Primary ASA is active, from the inside zone of the ASA.

But when the PIX fails over (Secondary is active), I am not able to have HTTP access to the server, though ping works fine. Also, when the ASA also fails over (Secondary ASA is active), the problem gets resolved and HTTP access to the server is available.

The two IPS have been connected in inline mode as per the network diagram, with the default signature and event action policy.

If we bypass the IPS by directly connecting the PIX to the DMZ switch, the server is HTTP accessible again. But as soon as the IPS is enabled again, HTTP stops but ping works.

We suspected the IPS was blocking it, but there are no event logs on either IPS.

Is there any way we can bypass traffic for that particular server through the IPS?

Please let me know if you need anything to troubleshoot.

Regards

Gautam

1 Reply

xs.gautam
Level 1

Please assume one server connected to any of the DMZ 2960 switches shown in the network diagram, as I have omitted it there for brevity.

Note: Thanks anyway, the issue has been resolved now. It was due to anomaly signature detections. We are still monitoring it.
