Layer 4 http access issue IPS 4270-20

Apr 14th, 2010

Hi there,


We are facing an issue while accessing one of our servers in the DMZ, which is connected to a 2960 switch in the DMZ, from the inside segment of the ASA.

We have two IPS boxes which are connected as per the network diagram attached.

We are able to access that particular server in the DMZ when the primary PIX is active and the primary ASA is active, from the inside zone of the ASA.

But when the PIX fails over (secondary is active) I am not able to have HTTP access to the server, though ping works fine. Also, when the ASA also fails over (secondary ASA is active) the problem gets resolved and HTTP access to the server is available.

Two IPS have been connected in inline mode as per the network diagram, with the default signature and event action policy.

If we bypass the IPS by directly connecting the PIX to the DMZ switch, the server is HTTP accessible again. But as soon as the IPS is enabled again, HTTP stops but ping works.

We suspected the IPS was blocking it, but there are no event logs on either IPS.

Is there any way we can bypass traffic for that particular server through the IPS?

Please let me know if you need anything to troubleshoot.



xs.gautam Wed, 04/14/2010 - 23:45

Please assume one server connected to any of the DMZ switches (2960) shown in the network diagram, as I have missed it there for brevity.

Note: Thanks anyway, the issue has been resolved now. It was due to anomaly signature detections. We are still monitoring it.
