I have a 4240 running IPS 6.0. I have an interface in promiscuous mode that is connected to a port that has SPAN enabled on the uplink from a switch to my router. I'm doing some testing and noticed that when using nmap from a host on the same network as the IPS sensor to a host on a remote subnet that requires me to send my traffic through the uplink port in an outbound direction no signatures are triggered. However, if I do the same scan reversing the location of the attacker and victim the sensor immediately picks up the scan and triggers the appropriate signatures. Why would this behaviour occurr and is there a way to change it?