Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
384
Views
0
Helpful
1
Replies

ASA SSM-20 is not working as expected

alex.dersch
Level 4
Level 4

‎11-06-2009 09:18 AM - edited ‎03-10-2019 04:49 AM

Dear Forum,

we have an ASA 5510 with an IPS Module SSM20. When i penetrate the ASA with NMAP from the outside interface i can detect the OS of the servers in the DMZ.

When i allow the ip address of my testing machine on the outside interface the IPS is logging some TCP SYN PORT SWEEPS but not the NMAPFingerprint Event.

Thanks for your advises

Alex

Labels:
0 Helpful
1 Reply 1

bnidacoc
Level 1
Level 1

‎11-10-2009 10:53 AM

It is my understanding that the IPS modules analyze packets permitted to traverse through the host ASA. If your ASA ACL only allows TCP 80 and 443, then it might not look like a sweep to the IPS module's rule. The SSM IPS does not see that which is stopped by the ASA.

Now, if you built a server, placed it in a new/separate (no access from outside) DMZ and permitted an inside host ip any any and then ran a sweep, see if it fires then.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card