Test bed configuration consists of Catalyst 6500 and 4255 IDS vith SW version 6.0. The traffic is captured using VLAN capture feature and send to the sensing interface Gi0/0 on IDS. The reset interface is Gi0/3, connected back to the Cat6K.
Vlan 140 with IP interface is defined on the switch. There is a host connected to that Vlan. A custom signature defines that telnet to that host is not legal and the reset action is defined IDS.
When the telnet is started to that host from anywhere in the network, the connection is reset. BUT the event counter gone mad constantly increasing.
What we suspect to happen is that the reset packet from IDS that is destined for te secured host, triggers the event again what causes new resets. It is some kind of a loop situation.
Is there any feature or technique to overcome such situation ?
You didn't provide the details on the custom sig. You might try an atomic IP signature. layer 4 protocol = tcp. tcp flags = SYN. tcp mask = Ack|Fin|Psh|Rst|Syn|Urg. destination port = 23. specify ip address = .
This should only fire on the initial SYN packet and the RST packets won't match.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :