The CSS 11506 is triggering tens of thousands hits with signature 3030. We have many other hosts on the campus hitting this signature but the CSS was by far the biggest offender. My question is to verify if the CSS needs to perform these TCP syn sweeps on a constant basis as part of it's maintaining the cache engine? On the CSS we were receiving 12000 miss and about 1500 hits per minute with a savings over the last 60 day of 18%. While trying to tune the IPS, we tuned 3030 to deny the packet inline. After making the change to 3030, we see that out misses on the CSS are down to around 1200 with 300 hits. We than reset the statistics to get a more accurate count, but now there are no hits/misses. We are still receiving tcp requests. Is the tcp syn sweep necessary for the CSS? TIA.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...