We are running a IDSM-2 module in a 6509 with vlan inline interface pairs.
Everything looks fine until we try to join a server to the 2003 domain.
I can't see the IPS dropping anything, but we get "network path not found" after entering the credentials for joining. If I set the IPS to bypass it works as it should. The software on the IPS is 6.2(1)E3 and all the servers are windows 2003. Greatful for any ideas of how to solve this.
This post from antonyabraham in another thread might help:
Replied by: antonyabraham - STATE FARM - Feb 12, 2009, 5:59pm PST
There could be some normalizer engine events which can drop/modify traffic without firing an alert. Some of them seem to be on by default. Could you try enabling "produce alerts" on the normalizer signatures with deny or modify actions?
Another way would be to put an event action filter for the source or target (or both) and filter out all deny actions. In that way, you are telling the sensor do not block any traffic from or to certain IP address (based on how the filter is formed). I would use this filter to cover all signatures and sub signatures for the source/target in question.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...