Cisco Support Community

New Member

CISCO IPS 4255

Hi Friend

I have a Cisco IPS 4255, and I put all the upgrades that Cisco recommends. So, I put the ARES signature with TCP RESET as the action, but ARES is working without a problem, and I need to stop this traffic. How can I stop the ARES P2P traffic?

I will wait for your answer.

Regards

Rafael Barba

6 REPLIES
Gold

Re: CISCO IPS 4255

Is your sensor in-line or sniffing in promiscuous mode? If it is in-line then you can drop the packets instead of sending a TCP Reset. If your sensor is promiscuous, then you need a method of transmitting those resets back into the traffic stream.

New Member

Re: CISCO IPS 4255

Hi friend, thank you for your answer. My sensor is in in-line mode, and I have configured the signature with both actions.

TCP reset and deny inline packet? Should I change the action to another one? Please tell me which one.

Regards

Rafael Barba

Gold

Re: CISCO IPS 4255

If your sensor is physically in-line then you only need to drop. Are your ARES signatures firing?

Check your alert log with "show event alert past 01:00" to see the past 1 hour of signature alerts.

New Member

Re: CISCO IPS 4255

Hi friend.

Thank you for your answer. You know, the ARES signatures are not firing, and I do not know why. I am sending 2 pictures: ipslog1.jpg (my signature configuration) and ipslog2.jpg (the action configuration). What must I do in order to fix this issue?

Regards

Rafael Barba

New Member

Re: CISCO IPS 4255

Hi friend.

Do you have any answer about how I can block ARES with the IPS 4255? I sent you my signature configuration, but I did not receive anything. Could you help me?

Regards

Rafael Barba

New Member

Re: CISCO IPS 4255

Check to see if your ARES is triggering that IPS signature.
