AIP SSM blocking Cisco VPN

Jan 22nd, 2009

I recently turned on the AIP-SSM in our ASA 5540. It seems to be working fine, except that inside users are now unable to acquire a good VPN connection to another site.

They are using the Cisco VPN client. The client will connect for 1 or 2 minutes, and the connection provides sporadic access to resources on the other end. After about 2 minutes the VPN disconnects.

If I remove the service policy (passing ALL traffic through the IPS), the VPN works fine. Partial config...

class-map IPS
 match any
!
policy-map IPS
 class IPS
  ips inline fail-open
!
service-policy IPS interface outside

Any quick ideas? Thank you.

rhermes Thu, 01/22/2009 - 12:18

Your symptoms certainly sound like the IPS is dropping packets in your VPN connection.

Check your sensor event log with:

show event past 01:00

to see all events in the past hour. Some alerts (sh event alert past 01:00) are suppressed, depending on the signature settings. If you can determine which signature is responsible, you can disable the signature, or remove the drop action. Keep in mind that any signature with a high risk rating (80 or better?) gets dropped automatically, regardless of the action setting of that signature.
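A configuration alternative to hunting down the signature, added here as an example and not taken from the original post or the reply: keep the poster's IPS policy on the outside interface, but change the class-map from "match any" to an ACL so the IPsec traffic of the VPN client (IKE on UDP 500, NAT-T on UDP 4500 and ESP) to and from the remote site bypasses the AIP-SSM while everything else is still inspected inline. REMOTE-PEER-IP is a placeholder for the remote VPN concentrator address; the ACL name IPS-TRAFFIC is assumed. In an ASA modular policy class-map, a deny ACE means "not matched by this class", which is what keeps those packets out of the IPS path; lines starting with "!" are comments.

```cisco
! Added example, not the original poster's config. REMOTE-PEER-IP is a placeholder.
! Deny ACEs in an MPF class-map ACL exclude that traffic from the class, so the
! VPN tunnel packets are forwarded normally instead of going through the AIP-SSM.
access-list IPS-TRAFFIC remark exempt IPsec VPN to the remote site from IPS inspection
access-list IPS-TRAFFIC deny udp any host REMOTE-PEER-IP eq isakmp
access-list IPS-TRAFFIC deny udp any host REMOTE-PEER-IP eq 4500
access-list IPS-TRAFFIC deny esp any host REMOTE-PEER-IP
access-list IPS-TRAFFIC deny udp host REMOTE-PEER-IP any eq isakmp
access-list IPS-TRAFFIC deny udp host REMOTE-PEER-IP any eq 4500
access-list IPS-TRAFFIC deny esp host REMOTE-PEER-IP any
! Everything else still matches the class and is inspected inline.
access-list IPS-TRAFFIC permit ip any any
!
! A class-map takes a single match statement, so replace "match any" with the ACL.
class-map IPS
 no match any
 match access-list IPS-TRAFFIC
!
! Policy and service-policy are unchanged from the original post.
policy-map IPS
 class IPS
  ips inline fail-open
!
service-policy IPS interface outside
```

The trade-off is that the tunnel itself is no longer examined by the sensor, so this is only a reasonable exemption for a known peer; if the goal is to keep inspecting the tunnel, the signature-level fix described in the reply (disable the signature or remove its drop action on the sensor) is the one to pursue instead.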


This Discussion