I have a client with the Cisco ASA SSM 10 module that is blocking roaming profiles from loading correctly. The issue goes away when the IPS is disabled. After I re-enable the IPS, it stops working and I see the following message in the log file:
4 Sep 03 2009 15:30:11 420003 172.16.X.XX 1102 SERVER 139 IPS requested to reset TCP connection from STUDENT-II-VLAN:172.16.X.XX/1102 to inside:SERVER/139
6 Sep 03 2009 15:30:11 302014 172.16.X.XX 1102 SERVER 139 Teardown TCP connection 3870 for STUDENT-II-VLAN:172.16.X.XX/1102 to inside:SERVER/139 duration 0:00:05 bytes 4339900 Flow reset by IPS
I thought this may have to do with SMB, so I disabled some of the SMB signatures, but that didn't work. It happens for this server on port 139 and 445. Any ideas on what signature it may be would be great.