I recently turned on the AIP-SSM in our ASA 5540. It seems to be working fine, except for inside users are now unable to acquire a good VPN connection to another site.
They are using the Cisco VPN client. The client will connect for 1 or 2 minutes, and the connection provides sporadic access to resources on the other end. After about 2 minutes the VPN disconnects.
If I remove the service policy (passing ALL traffic through the IPS), the VPN works fine. Partial config...
ips inline fail-open
service-policy IPS interface outside
Any quick ideas? Thank you.