07-21-2009 06:22 PM - edited 03-10-2019 04:42 AM
I am seeing "denyPacketRequestedNotPerformed+denyFlowRequestedNotPerformed" on the Cisco IPS.
The Cisco IPS is running version 6.1(2)E3. The IPS is running inline mode. We are seeing sigID 3616 subsigID 4 was triggered and the above action was noticed. The action taken was set to deny packet inline. However, we are seeing the above message.
Anyone can assist on this issue? Appreciate for the help.
Solved! Go to Solution.
07-23-2009 05:32 AM
This is the section of the docs you're looking for:
http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_ssm.html
On the ASA:
show service-policy ips
or grep your ASA config for the policy map command:
ips {inline | promiscuous] [fail-close | fail-open}
07-22-2009 04:09 AM
See my similar question around Jul-8.
I thought I was in inline mode but was in promiscuous mode.
I have the ASA daughter card. I read the IPS docs upside down and sideways looking for how to get into inline mode. There is a single and (to me) obtuse one line reference that points you to the ASA docs. Indeed, that's where I found the relevant info.
07-22-2009 04:36 PM
How could we determine if the IPS (daughter card in the ASA) is running promicuous mode or inline mode? Would you be able to send me the doc that you have so that I can read it further? Thanks.
07-23-2009 05:32 AM
This is the section of the docs you're looking for:
http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_ssm.html
On the ASA:
show service-policy ips
or grep your ASA config for the policy map command:
ips {inline | promiscuous] [fail-close | fail-open}
07-27-2009 02:46 PM
Thanks. I will give it a try and let you know the findings.
08-02-2009 04:03 AM
Hi rand.hall,
The IPS was actually running on promiscuous mode as what you predicted. We had changed it to the inline mode now. Thanks for your help. :)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: