TCP Reset is not working in promiscuous mode for http service
01-14-2011 10:05 PM - edited 03-10-2019 05:14 AM
Hi,
I have configured IDSM-2 in promiscuous mode using VACLs. I have verified the configuration, which is correct; IDSM-2 is capturing all the traffic from the specified VLANs. The issue is that when I want to block any website, let's suppose "facebook", for any particular user and add the action "Reset TCP Connection" in the HTTP service signature, it does not work. The site can still be opened by this user, although I can see the sig is triggered in the real-time events (IDMS logs) and it also shows the action performed against this attack, but it is not resetting the TCP connection. Kindly advise.
Thanks,
Aman
- Labels: IPS and IDS
01-15-2011 04:41 PM
Hello Aman,
Can you please do a SPAN capture with a source VLAN of the VLAN that the RST should go out on and see if the RST appears in the capture? If the RST does not appear in the capture, work your way back to the IPS and do a capture directly on the blade to see if the RST is egressing the IPS.
Thank you,
Blayne
Sent from Cisco Technical Support iPhone App
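
One way to run the check suggested in the reply above on a saved capture, as an added example that is not part of the thread: the Python below scans a classic-format pcap for TCP RST segments on port 80, skipping 802.1Q tags that a VLAN SPAN may include. The function names, addresses and the sample capture are constructed for illustration.

```python
import socket
import struct

def find_resets(pcap_bytes, port=80):
    """List (src, sport, dst, dport, seq) for every TCP RST to or from `port`."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    resets, off = [], 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue
        ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        # A SPAN of a VLAN may deliver 802.1Q-tagged frames: skip the tag(s).
        while ethertype in (0x8100, 0x88A8) and len(frame) >= l3 + 4:
            ethertype, l3 = struct.unpack("!H", frame[l3 + 2:l3 + 4])[0], l3 + 4
        if ethertype != 0x0800 or len(frame) < l3 + 20 or frame[l3 + 9] != 6:
            continue  # not IPv4/TCP
        if struct.unpack("!H", frame[l3 + 6:l3 + 8])[0] & 0x1FFF:
            continue  # non-first IP fragment carries no TCP header
        l4 = l3 + (frame[l3] & 0x0F) * 4
        if len(frame) < l4 + 14:
            continue  # TCP header truncated by the snap length
        sport, dport, seq = struct.unpack("!HHI", frame[l4:l4 + 8])
        if frame[l4 + 13] & 0x04 and port in (sport, dport):  # RST bit set
            resets.append((socket.inet_ntoa(frame[l3 + 12:l3 + 16]), sport,
                           socket.inet_ntoa(frame[l3 + 16:l3 + 20]), dport, seq))
    return resets

def sample_capture():
    """Constructed capture: one SYN and one RST, both tagged with VLAN 10."""
    def frame(src, dst, sport, dport, flags):
        eth = bytes(12) + struct.pack("!HHH", 0x8100, 10, 0x0800)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 0x50, flags, 0, 0, 0)
        pkt = eth + ip + tcp  # checksums left at zero; the scanner ignores them
        return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header + frame("192.0.2.10", "198.51.100.5", 40000, 80, 0x02)
            + frame("198.51.100.5", "192.0.2.10", 80, 40000, 0x04))

if __name__ == "__main__":
    print(find_resets(sample_capture()))
```

An empty result for a capture taken on the VLAN where the RST should appear corresponds to the "RST does not appear" branch of the reply, and the same scan can then be repeated on a capture taken closer to the sensor.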
