
TCP Reset is not working in promiscuous mode for http service

Hi,

I have configured the IDSM-2 in promiscuous mode using VACLs. I have verified that the configuration is correct; the IDSM-2 is capturing all the traffic from the specified VLANs. The issue is that when I want to block a website, let's suppose "facebook", for a particular user and add the action "Reset TCP Connection" to the http service signature, it does not work. The site can still be opened by this user, although I can see the sig is triggered in the real-time events (IDSM logs), and it also shows the action performed against this attack, but it is not resetting the TCP connection. Kindly advise.

Thanks,

Aman

1 Reply

Hello Aman,

Can you please do a SPAN capture with a source VLAN of the VLAN that the RST should go out on and see if the RST appears in the capture? If the RST does not appear in the capture, work your way back to the IPS and do a capture directly on the blade to see if the RST is egressing the IPS.

Thank you,

Blayne

Sent from Cisco Technical Support iPhone App
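
The check Blayne describes, as an added example that is not part of the original thread: a stdlib-only Python pass over a classic pcap (Ethernet) export of the SPAN capture that lists every TCP RST to or from port 80. The function names, addresses and the sample capture are constructed for illustration.

```python
import struct

def find_resets(pcap_bytes, server_port=80):
    """Return (src, dst) 'ip:port' pairs for each TCP RST to/from server_port."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    resets, off = [], 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        ethertype, l3 = frame[12:14], 14
        if ethertype == b"\x81\x00":          # 802.1Q tag, as seen on trunk captures
            ethertype, l3 = frame[16:18], 18
        if ethertype != b"\x08\x00" or len(frame) < l3 + 20:
            continue                          # not IPv4
        ip = frame[l3:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 14:
            continue                          # not TCP or truncated
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        if ip[ihl + 13] & 0x04 and server_port in (sport, dport):   # RST bit
            src = ".".join(map(str, ip[12:16]))
            dst = ".".join(map(str, ip[16:20]))
            resets.append((f"{src}:{sport}", f"{dst}:{dport}"))
    return resets

def _frame(src, dst, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed test data)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, flags, 0, 0, 0)
    return eth + ip + tcp

def sample_pcap():
    """Constructed capture: a client SYN, then an RST carrying the server's address."""
    client, server = [10, 0, 0, 5], [192, 0, 2, 10]
    frames = [_frame(client, server, 49152, 80, 0x02),
              _frame(server, client, 80, 49152, 0x04)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(find_resets(sample_pcap()))
```

An empty list for the capture taken on the VLAN where the RST should go out means the reset is not reaching that segment, which is the cue to repeat the capture closer to the IPS. The input must be saved in classic pcap format, not pcapng.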
