I am configuring remote host blocking on the SSM-10 within the ASA to perform a shun on certain signatures. The SSM-10 resides on the same ASA on which it should perform the shun action. But unfortunately it doesn't work. The ASA version is 8.4(3) and the IPS version is 7.0(7)E4.
Here are the error messages I get on the IPS:
errorMessage: ErrSystemError PIX [22.214.171.124] version major and minor values were not matched name=errUnclassified
errorMessage: Firewall [126.96.36.199] is unable to add a block for [188.8.131.52] due to an error. name=errSystemError
184.108.40.206 is the ASA IP address, and 220.127.116.11 is the attacker that triggered the signature with the shun action.
I even tried to use telnet between the ASA and IPS to communicate, but got the same result.
Do you have the SSM configured in promiscuous or inline mode? The blocking/ARC config is only relevant for promiscuous configurations. If you have the sensor configured for inline in the service policy on the ASA, then the SSM can directly deny offending traffic. I have seen instances of this error before when you are attempting to configure blocking for an inline sensor.
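To illustrate the distinction in the reply above, here is an added ASA configuration fragment (not from the thread or from Cisco documentation) showing where the sensor mode is chosen in the service policy, plus the commands to verify from the ASA side whether ARC blocks were actually applied. The class-map and policy-map names and the placeholder address are assumptions.

```cisco
! Added example, not from the original thread. "ips_class" and
! "global_policy" are assumed names; adjust to match your configuration.

! (a) Inline mode: the SSM sits in the traffic path and can deny packets
!     itself, so no ARC/blocking (shun) setup is needed on the sensor.
class-map ips_class
 match any
policy-map global_policy
 class ips_class
  ips inline fail-open
service-policy global_policy global

! (b) Promiscuous mode: the SSM only receives a copy of the traffic and
!     cannot drop anything itself. Only here does ARC need to log in to
!     the ASA and issue "shun" for the offending host.
policy-map global_policy
 class ips_class
  ips promiscuous fail-open

! Verify from the ASA whether ARC blocks actually landed (lists shunned
! hosts with packet counts), and clear a block once it is no longer needed.
show shun
! 203.0.113.10 is a placeholder address, not the one from the thread.
no shun 203.0.113.10
```

If `show shun` stays empty while the sensor reports the errors above, the sensor is still trying ARC against an ASA that either is not in promiscuous mode or is not accepting the ARC login.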