The answer is somewhat dependant on software version.
In version 4.x sensors the filtering system would only allow filtering of all actions. This included generation of TCP Resets and producing the actual alert. So in 4.x you coudl filter the event, but it would prevent the alert creation as well as the tcp resets (as well as any other action configured).
In version 5.x sensors the filtering system is more advanced and does allow the filtering of separate actions on an event. So a filter can created to remove just the TCP Reset action and still leave the produce alert action. So the alert will still be generated, without sending the tcp resets to shut down the connection.
What is the sensor version? As regarding to IEV not working, were you not getting any alerts in Cisco IDS Event Viewer? In CLI, did you see alerts coming when you do "show events"? If so, make sure the sensor has been added into IEV's device list. Also IEV host can connect to the sensor successfully. You can verify the connetion by double clicking that sensor device name in IEV and see if IDM can be successfully launched in the browser.
Regarding IEV is all ok! In my previus post i would like to intend "not running", instead of "not working"..i'm sorry. Is it normal to have traffic even if IEV isn't running and my PC not connected to IDS?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...