I have an IPS4215 installed behind a 515E firewall. When clients use the Cisco VPN Client to connect to the firewall (and access a sensitive server behind it) I get multiple hits on Sig 1300/0 TCP Segment Overwrite. Summarization keeps the number of counts down, but sometimes I'm seeing 200+ events per connection. I need to determine how this should be tuned.
Where can I find more information about the specifics of this signature? I'm not clear from the NSDB why this would occur in this case.