Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSS 11506 triggering 3030 on ASA IPS


The CSS 11506 is triggering tens of thousands hits with signature 3030. We have many other hosts on the campus hitting this signature but the CSS was by far the biggest offender. My question is to verify if the CSS needs to perform these TCP syn sweeps on a constant basis as part of it's maintaining the cache engine? On the CSS we were receiving 12000 miss and about 1500 hits per minute with a savings over the last 60 day of 18%. While trying to tune the IPS, we tuned 3030 to deny the packet inline. After making the change to 3030, we see that out misses on the CSS are down to around 1200 with 300 hits. We than reset the statistics to get a more accurate count, but now there are no hits/misses. We are still receiving tcp requests. Is the tcp syn sweep necessary for the CSS? TIA.



Re: CSS 11506 triggering 3030 on ASA IPS

It certainly seems plausible that a load balancer would use TCP connections to determine which services in a farm are available. Why don't you just create an event filter for your CSS devices?

New Member

Re: CSS 11506 triggering 3030 on ASA IPS

Please ignore this post as I'm gonna have to repost with the actual correct information. As I'm sure I left people scratching there heads wondering what the heck I was talking about. DOH!