Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA SSM 10 IPS blocking roaming profiles

I have a client with the Cisco ASA SSM 10 module that is blocking roaming profiles from loading correctly. The issue goes away when the IPS is disabled. After I re-enable the IPS, it stops working and I see the following message in the log file:

4 Sep 03 2009 15:30:11 420003 172.16.X.XX 1102 SERVER 139 IPS requested to reset TCP connection from STUDENT-II-VLAN:172.16.X.XX/1102 to inside:SERVER/139

Followed by:

6 Sep 03 2009 15:30:11 302014 172.16.X.XX 1102 SERVER 139 Teardown TCP connection 3870 for STUDENT-II-VLAN:172.16.X.XX/1102 to inside:SERVER/139 duration 0:00:05 bytes 4339900 Flow reset by IPS

I thought this may have to do with SMB, so I disabled some of the SMB signatures, but that didn't work. It happens for this server on port 139 and 445. Any ideas on what signature it may be would be great.

TIA.

Dan

1 REPLY
Gold

Re: ASA SSM 10 IPS blocking roaming profiles

Jump on the IPS sensor and check the IPS log. It should have a signature event that caused teh TCP Reset to occur. The event will tell you what signature and subsig you need to disable.

IPS CLI - "show event alert past 01:00"

461
Views
5
Helpful
1
Replies
CreatePlease to create content