Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
492
Views
0
Helpful
3
Replies

Why my IPS - aip-ssm send requests to 80.53.146.82 port 80

fisko
Level 1
Level 1

‎05-26-2009 01:47 AM - edited ‎03-10-2019 04:38 AM

I have a web proxy ..tunnel filters...and AIP-SSM....inside of the network...i configure host service, network setting and hhtp-proxy to use my proxy when updating global corelation ...

On proxy I allow hhtps to 204.15.82.17 ---ironport service.

In proxy log I see that https to 204.15.82.17 is allowed and after that ips try to sending http packets to 80.53.146.82 -----I SEE in the RIPE that is AKAMAI technologies IP..address.

What is this?

Why my IPS - aip-ssm send requests to 80.53.146.82 port 80

Labels:
0 Helpful
3 Replies 3

Farrukh Haroon
VIP Alumni
VIP Alumni

‎05-26-2009 06:09 AM

The IPS is not a layer three device, it does not send any packets like you describe, What are you talking about exactly, your post is not clear.

Some exceptions are when it needs to download updates, the new Global IPS feature etc.

AKAMAI is a content delivery network used by many web sites to provide you a 'faster' cached copy of the content (hosted by AKAMAI).

Regards

Farrukh

0 Helpful

fisko
Level 1
Level 1
In response to Farrukh Haroon

‎05-26-2009 11:00 PM

Well ISP is not layer 3 device in manner of routing but it is sending http and https packets for update.

I found that in version 7 of IPS ...IPS send https request to ironport manifest server and than manifest server return the content delivery servers ip. After this IPS contact content dilivery server and get the update over http port.

In Cisco guide there is no any informations about public content delivery network and port 80 for update...

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to fisko

‎05-26-2009 11:30 PM

This is the new 7.x Global Correlation feature, and it is documented here:

http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/18483_01.html#wp1161779

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_collaboration.html

AFAIK, you can turn off this feature as per your discretion. Cisco has adapted the Ironport senderbase technology to their IPS as well. Its a pretty interesting feature, I hope it becomes as successful as the one for mail traffic.

Please rate if helpful.

Regards

Farrukh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card