Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
A redundant SUP720 module will not come online and I believe the problem is there is not a valid IOS image on the module's disk0:I plan to get a CF card with a valid IOS in that slot and reload the module. To restore this module to be SSO redundant t...
When the IDSM-2 is in-line does it always perform IP/TCP normalization functions on all traffic (modify/drop/fragment re-assembly) even if I disable all of the normalization signatures?ThanksThomas
I want to put the ISDM "in-line" between my internet edge router and my firewall (FWSM which is in the same chassis as the IDSM). In order to have traffic flow from the internet edge router into the IDSM, then out of the IDSM to the FWSM, I will need...
I have IDSM modules in 6513 switches. Is there any way to synchronize the configuration of the IDSM in the primary switch to the IDSM in the secondary switch? In the configuration guide I found a reference to "merging" a backup configuration to a cur...
I have see a couple of alerts from my IDSM for signature 6005/0 "Unencrypted SSL Traffic." The target ip address is one of my ssl proxy ip addresses (on CSM-S) tcp port 443. An example of the unencrypted traffic sent:GET http://www.yahoo.com/ HTTP/1....
Thanks very much for your time, Ursula. Do you know if the IDSM performs fragment reassembly and tcp normalization even if the signatures in the Normalizer Engine are disabled? In the IDM GUI under Signature Definition > Miscellaneous are "Fragment R...
The CSM-S sits in front of web servers and acts a 'reverse proxy' for those web servers. This is not a forward proxy for allowing users to access the internet.The IDS is in front of the CSM-S, so the IDS is reporting a client with a connection to myw...
I saw the same behavior with connectivity to ASA 5540 with Cisco client 4.8. I could login with client but could not connect to anything. 'show crypto ipsec sa' showed my security association with packets decrypted, but none encrypted. A static route...
I am also curious about the purpose/usefulness of the auto and desirable modes for Etherchannel. What are the advantages over simply using the "ON" mode?
