Recently we configured an IPS 4240 for our customer. We used two of the Interfaces and configured them as an "Inline Interface Pair" and put them between the customers Edge Network and their DMZ.
While letting the Engine run last week, each time the IPS would run OK for about 3 or 4 hours, then ineviteably the customers Internet connection would stop working. Upon inspection, each time I found that the IPS unit would place the Global PAT address off of the ASA into "denied attackers". All is well each time I clear the list.
Is there any way I can configure this so that it wont block the Global PAT adx of the Firewall?