Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
644
Views
5
Helpful
2
Replies

IDSM-2 issues

Garrison Botts
Level 4
Level 4

‎08-30-2012 02:37 PM - edited ‎03-10-2019 05:45 AM

I'm having issues where the IDSM-2 is blocking internal users from accessing the internet. When I run a report, I see TCP OVERWRITE errors on the PAT'd address of the firewall (FWSM). I have to reboot the IDSM-2 to get it working again... I'm running the IDSM-2 "inline".

Cisco is telling me that I should put the IDSM-2 behind the firewall but isn't that allowing bad traffic to hit the firewall?

Sent from Cisco Technical Support iPad App

Labels:
0 Helpful
2 Replies 2

sawgupta
Level 1
Level 1

‎08-31-2012 07:59 PM

Ideally IPS should be behind the firewall, but depeds on your deployment scenario.

What kind of signature do you see firing on IDSM-2 ?

(Check via "show stats virtual-sensor")

http://www.cisco.com/en/US/docs/security/asa/quick_start/ips/ips_qsg.html

"Traffic goes through the firewall checks before being forwarded to the IPS module."

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta

Garrison Botts
Level 4
Level 4
In response to sawgupta

‎09-01-2012 10:18 AM

TCP Overwrite signature 1300/0

Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card