Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1466
Views
0
Helpful
5
Replies

denyPacketRequestedNotPerformed+denyFlowRequestedNotPerformed

Go to solution
wmchan1979
Level 1
Level 1

‎07-21-2009 06:22 PM - edited ‎03-10-2019 04:42 AM

I am seeing "denyPacketRequestedNotPerformed+denyFlowRequestedNotPerformed" on the Cisco IPS.

The Cisco IPS is running version 6.1(2)E3. The IPS is running inline mode. We are seeing sigID 3616 subsigID 4 was triggered and the above action was noticed. The action taken was set to deny packet inline. However, we are seeing the above message.

Anyone can assist on this issue? Appreciate for the help.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rand.hall
Level 1
Level 1
In response to wmchan1979

‎07-23-2009 05:32 AM

This is the section of the docs you're looking for:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_ssm.html

On the ASA:

show service-policy ips

or grep your ASA config for the policy map command:

ips {inline | promiscuous] [fail-close | fail-open}

View solution in original post

0 Helpful
5 Replies 5

Go to solution
rand.hall
Level 1
Level 1

‎07-22-2009 04:09 AM

See my similar question around Jul-8.

I thought I was in inline mode but was in promiscuous mode.

I have the ASA daughter card. I read the IPS docs upside down and sideways looking for how to get into inline mode. There is a single and (to me) obtuse one line reference that points you to the ASA docs. Indeed, that's where I found the relevant info.

0 Helpful

Go to solution
wmchan1979
Level 1
Level 1
In response to rand.hall

‎07-22-2009 04:36 PM

How could we determine if the IPS (daughter card in the ASA) is running promicuous mode or inline mode? Would you be able to send me the doc that you have so that I can read it further? Thanks.

0 Helpful

Go to solution
rand.hall
Level 1
Level 1
In response to wmchan1979

‎07-23-2009 05:32 AM

This is the section of the docs you're looking for:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_ssm.html

On the ASA:

show service-policy ips

or grep your ASA config for the policy map command:

ips {inline | promiscuous] [fail-close | fail-open}

0 Helpful

Go to solution
wmchan1979
Level 1
Level 1
In response to rand.hall

‎07-27-2009 02:46 PM

Thanks. I will give it a try and let you know the findings.

0 Helpful

Go to solution
wmchan1979
Level 1
Level 1
In response to rand.hall

‎08-02-2009 04:03 AM

Hi rand.hall,

The IPS was actually running on promiscuous mode as what you predicted. We had changed it to the inline mode now. Thanks for your help. :)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card