Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AIP SSM blocking CIsco VPN


I recently turned on the AIP-SSM in our ASA 5540. It seems to be working fine, except for inside users are now unable to acquire a good VPN connection to another site.

They are using the Cisco VPN client. The client will connect for 1 or 2 minutes, and the connection provides sporadic access to resources on the other end. After about 2 minutes the VPN disconnects.

If I remove the service policy (passing ALL traffic through the IPS), the VPN works fine. Partial config...

class-map IPS

match any

policy-map IPS

class IPS

ips inline fail-open

service-policy IPS interface outside

Any quick ideas? Thank you.


Re: AIP SSM blocking CIsco VPN

Your symptoms certainly sound like the IPS is dropping packets in your VPN connection.

Check your sensor event log with:

show event past 01:00

to see all events in the past hour, some alerts (sh event alert past 01:00) are supressed, depending on the signature settings. If you can determine which signature is responsible, you can disable the signature, or remove the drop action. Keep in mind that any signature with a high risk rating (80 or better?) gets dropped automaticly, reguardless of the action setting of that signature.