ASA SSM 10 IPS blocking roaming profiles

deyster94
Level 5

I have a client with the Cisco ASA SSM 10 module that is blocking roaming profiles from loading correctly. The issue goes away when the IPS is disabled. After I re-enable the IPS, it stops working and I see the following message in the log file:

4 Sep 03 2009 15:30:11 420003 172.16.X.XX 1102 SERVER 139 IPS requested to reset TCP connection from STUDENT-II-VLAN:172.16.X.XX/1102 to inside:SERVER/139

Followed by:

6 Sep 03 2009 15:30:11 302014 172.16.X.XX 1102 SERVER 139 Teardown TCP connection 3870 for STUDENT-II-VLAN:172.16.X.XX/1102 to inside:SERVER/139 duration 0:00:05 bytes 4339900 Flow reset by IPS

I thought this may have to do with SMB, so I disabled some of the SMB signatures, but that didn't work. It happens for this server on port 139 and 445. Any ideas on what signature it may be would be great.

TIA.

Dan

1 Reply

rhermes
Level 7

Jump on the IPS sensor and check the IPS log. It should have a signature event that caused the TCP Reset to occur. The event will tell you what signature and subsig you need to disable.

IPS CLI - "show event alert past 01:00"
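
Before querying the sensor, the ASA log entries quoted in the question can be filtered to list exactly which flows the IPS reset and when, which narrows the window to search in the sensor's event log. This is an added example, not part of the original thread; the sample lines are constructed in the same layout as the quoted entries with made-up addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the layout of the entries quoted in the question:
# severity, date, time, message ID, src, sport, dst, dport, text. Addresses are made up.
SAMPLE_LOG = """\
4 Sep 03 2009 15:30:11 420003 172.16.0.21 1102 SERVER 139 IPS requested to reset TCP connection from STUDENT-II-VLAN:172.16.0.21/1102 to inside:SERVER/139
6 Sep 03 2009 15:30:11 302014 172.16.0.21 1102 SERVER 139 Teardown TCP connection 3870 for STUDENT-II-VLAN:172.16.0.21/1102 to inside:SERVER/139 duration 0:00:05 bytes 4339900 Flow reset by IPS
6 Sep 03 2009 15:31:02 302014 172.16.0.30 1150 SERVER 80 Teardown TCP connection 3871 for STUDENT-II-VLAN:172.16.0.30/1150 to inside:SERVER/80 duration 0:00:01 bytes 512 TCP FINs
4 Sep 03 2009 15:32:40 420003 172.16.0.22 1207 SERVER 445 IPS requested to reset TCP connection from STUDENT-II-VLAN:172.16.0.22/1207 to inside:SERVER/445
6 Sep 03 2009 15:32:40 302014 172.16.0.22 1207 SERVER 445 Teardown TCP connection 3902 for STUDENT-II-VLAN:172.16.0.22/1207 to inside:SERVER/445 duration 0:00:03 bytes 120044 Flow reset by IPS
"""

LINE = re.compile(
    r"^(?P<sev>\d) (?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) (?P<msgid>\d{6}) "
    r"(?P<src>\S+) (?P<sport>\d+) (?P<dst>\S+) (?P<dport>\d+) (?P<text>.*)$"
)
TEARDOWN = re.compile(r"Teardown TCP connection (?P<conn>\d+) .* bytes (?P<bytes>\d+) (?P<reason>.+)$")

def ips_resets(log_text):
    """Return one record per flow the IPS reset, pairing 420003 with its 302014 teardown."""
    requested = {}  # flow 4-tuple -> timestamp of the 420003 reset request
    resets = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the expected layout
        flow = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        if m["msgid"] == "420003":
            requested[flow] = m["ts"]
        elif m["msgid"] == "302014":
            t = TEARDOWN.search(m["text"])
            if t and t["reason"] == "Flow reset by IPS":
                resets.append({"flow": flow, "time": m["ts"], "conn": int(t["conn"]),
                               "bytes": int(t["bytes"]),
                               "reset_requested": requested.pop(flow, None)})
    return resets

def resets_by_port(resets):
    """Count IPS resets per destination port to show which services are affected."""
    return Counter(r["flow"][3] for r in resets)

if __name__ == "__main__":
    for r in ips_resets(SAMPLE_LOG):
        print(r["time"], r["flow"], "conn", r["conn"], "bytes", r["bytes"])
```

The timestamps it reports are the ones to match against the alerts returned by the sensor command above.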
