denyPacketRequestedNotPerformed+denyFlowRequestedNotPerformed

Answered Question
Jul 21st, 2009

I am seeing "denyPacketRequestedNotPerformed+denyFlowRequestedNotPerformed" on the Cisco IPS.

The Cisco IPS is running version 6.1(2)E3. The IPS is running in inline mode. We are seeing that sigID 3616 subsigID 4 was triggered and the above action was noticed. The action taken was set to deny packet inline. However, we are seeing the above message.

Can anyone assist with this issue? I appreciate the help.

Correct Answer by rand.hall about 7 years 4 months ago

This is the section of the docs you're looking for:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_ssm.html

On the ASA:

show service-policy ips

or grep your ASA config for the policy map command:

ips {inline | promiscuous} {fail-close | fail-open}

rand.hall Wed, 07/22/2009 - 04:09

See my similar question around Jul-8.

I thought I was in inline mode but was in promiscuous mode.

I have the ASA daughter card. I read the IPS docs upside down and sideways looking for how to get into inline mode. There is a single and (to me) obtuse one-line reference that points you to the ASA docs. Indeed, that's where I found the relevant info.

wmchan1979 Wed, 07/22/2009 - 16:36

How could we determine if the IPS (daughter card in the ASA) is running in promiscuous mode or inline mode? Would you be able to send me the doc that you have so that I can read it further? Thanks.

wmchan1979 Sun, 08/02/2009 - 04:03

Hi rand.hall,

The IPS was actually running in promiscuous mode, as you predicted. We have changed it to inline mode now. Thanks for your help. :)
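
The check rand.hall describes (finding the ips line in the ASA policy map) applied to a saved config, as an added example that is not part of the original thread: it reports each class's IPS mode and flags classes where a deny action cannot be performed inline. The sample config, its policy and class names, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the IPS mode of every class in a saved ASA config.
# All names in the sample config below are constructed for illustration.

sample_config() {
  cat <<'EOF'
class-map ips_class
 match any
!
policy-map global_policy
 class inspection_default
  inspect dns
 class ips_class
  ips promiscuous fail-open
policy-map outside_policy
 class ips_out
  ips inline fail-close
!
service-policy global_policy global
service-policy outside_policy interface outside
EOF
}

# Prints: <policy-map> <class> <mode> <fail-mode> <where the policy is applied>
ips_modes() {
  awk '
    $1 == "policy-map" { pmap = ($2 == "type") ? "" : $2; cls = ""; next }
    $1 == "service-policy" { bound[$2] = ($3 == "global") ? "global" : $4 }
    /^[^ ]/ { pmap = ""; cls = "" }   # any other top-level line closes the policy-map
    pmap != "" && $1 == "class" { cls = $2; next }
    pmap != "" && cls != "" && $1 == "ips" {
      n++; pm[n] = pmap; row[n] = pmap " " cls " " $2 " " $3
    }
    END {
      for (i = 1; i <= n; i++) {
        where = (pm[i] in bound) ? bound[pm[i]] : "unbound"
        print row[i], where
      }
    }
  '
}

# Classes where a deny action cannot be carried out inline: the sensor is
# promiscuous (it only sees copies of the traffic) or the policy is not applied.
ips_cannot_deny() {
  ips_modes | awk '$3 != "inline" || $5 == "unbound" { print $1 "/" $2 }'
}

sample_config | ips_modes
```

For a real device, pipe a saved copy of the running config into ips_modes or ips_cannot_deny in place of sample_config.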
