Answered Question
Jul 21st, 2009

I am seeing "denyPacketRequestedNotPerformed+denyFlowRequestedNotPerformed" on the Cisco IPS.

The Cisco IPS is running version 6.1(2)E3. The IPS is running in inline mode. We are seeing that sigID 3616 subsigID 4 was triggered, and the above action was noticed. The action was set to deny packet inline; however, we are seeing the above message.

Can anyone assist with this issue? I appreciate the help.

Correct Answer by rand.hall about 7 years 11 months ago

This is the section of the docs you're looking for:

On the ASA:

show service-policy ips

or grep your ASA config for the policy map command:

ips {inline | promiscuous} {fail-close | fail-open}

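The check suggested in the answer above (grep the ASA config for the `ips` policy-map command), written out as an added example that is not part of the original thread or of Cisco's documentation. It assumes the running configuration has been saved to a text file; the sample configuration and all names in it are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list every "ips" policy-map command
# in a saved ASA configuration and show which mode it selects.

# Print one line per ips command: <policy-map> <class> <mode> <fail-behaviour>
ips_modes() {
    awk '
        /^[^ ]/            { pmap = ""; cls = "" }   # a top-level line ends the block
        $1 == "policy-map" { pmap = $2; next }
        $1 == "class" && pmap != "" { cls = $2; next }
        $1 == "ips"   && pmap != "" { print pmap, cls, $2, $3 }
    ' "$1"
}

# Status 0: every ips command is inline. 1: at least one is promiscuous.
# 2: no ips command at all, so no class diverts traffic to the module.
ips_all_inline() {
    modes=$(ips_modes "$1")
    [ -n "$modes" ] || return 2
    echo "$modes" | awk '$3 == "promiscuous" { bad = 1 } END { exit bad + 0 }'
}

# Constructed sample configuration (names are made up for this example).
sample_config() {
    cat <<'EOF'
class-map IPS_TRAFFIC
 match any
!
policy-map global_policy
 class inspection_default
  inspect dns
 class IPS_TRAFFIC
  ips promiscuous fail-open
!
policy-map dmz_policy
 class IPS_TRAFFIC
  ips inline fail-close
!
service-policy global_policy global
EOF
}

cfg=$(mktemp)
sample_config > "$cfg"
ips_modes "$cfg"
ips_all_inline "$cfg" || echo "not every class is inline: deny packet inline cannot be performed there"
rm -f "$cfg"
```
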
rand.hall Wed, 07/22/2009 - 04:09

See my similar question around Jul-8.

I thought I was in inline mode but was in promiscuous mode.

I have the ASA daughter card. I read the IPS docs upside down and sideways looking for how to get into inline mode. There is a single and (to me) obtuse one line reference that points you to the ASA docs. Indeed, that's where I found the relevant info.

wmchan1979 Wed, 07/22/2009 - 16:36

How could we determine if the IPS (daughter card in the ASA) is running in promiscuous mode or inline mode? Would you be able to send me the doc that you have so that I can read it further? Thanks.

wmchan1979 Mon, 07/27/2009 - 14:46

Thanks. I will give it a try and let you know the findings.

wmchan1979 Sun, 08/02/2009 - 04:03

Hi rand.hall,

The IPS was actually running in promiscuous mode, as you predicted. We have changed it to inline mode now. Thanks for your help. :)

