Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ola
New Member

IDSM-2 Join windows domain problem

We are running a IDSM-2 module in a 6509 with vlan inline interface pairs.

Everything looks fine until we try to join a server to the 2003 domain.

I can't see the IPS dropping anything, but we get "network path not found" after entering the credentials for joining. If I set the IPS to bypass it works as it should. The software on the IPS is 6.2(1)E3 and all the servers are windows 2003. Greatful for any ideas of how to solve this.

3 REPLIES
Gold

Re: IDSM-2 Join windows domain problem

This post from antonyabraham in another thread might help:

Replied by: antonyabraham - STATE FARM - Feb 12, 2009, 5:59pm PST

There could be some normalizer engine events which can drop/modify traffic without firing an alert. Some of them seem to be on by default. Could you try enabling "produce alerts" on the normalizer signatures with deny or modify actions?

Another way would be to put an event action filter for the source or target (or both) and filter out all deny actions. In that way, you are telling the sensor do not block any traffic from or to certain IP address (based on how the filter is formed). I would use this filter to cover all signatures and sub signatures for the source/target in question.

ola
New Member

Re: IDSM-2 Join windows domain problem

Thanks, I have enabled produce alerts and will see if that give me any clue to what is wrong.

ola
New Member

Re: IDSM-2 Join windows domain problem

Actually, some traffic passed the sensor twice. So changing from virtual sensor mode to interface and vlan mode fixed the problem.

125
Views
0
Helpful
3
Replies