IPS Blocking out Outlook connectivity of VPN Users.

ajay_dand · ‎12-28-2006

Cisco IPS 4240, v5.1(3)S255

VPN users of our client's organization are complaining that the Outlook connectivity to Exchange through VPN is getting frequently timed out. Even if they do connect, the connection simply hangs in the middle of transferring mail. This problem is visible only with VPN Users. Local LAN users are not facing any such issues.

When the IPS is put in the bypass mode, the VPN users have no performance issues. To mitigate this issue, we even tried filtering out all the blocking actions other than logging packets on all signatures between the IPs allocated for VPN users, and the Exchange Server IPs. Still the same problem persists.

This is causing immense difficulties since there are a number of Roaming users in the client's organization, and the issue has reached crisis proportion. Urgent help is required. Thanks in advance.

scothrel · ‎12-29-2006

I believe you are running into a bug where TCP streams where being timed out after 36 seconds of inactivity (vice the 3600 that was supposed to be in effect). I suggest installing the 5.1(4) service pack and the S263 signature update to bring your binaries up to the latest versions.

For diagnostic purposes, you could try tuning signature 1301 to turn on produce alert and setting the tcp-idle-timeout value to a much larger number, say 360000 due to the /100 factor.

ajay_dand · ‎01-08-2007

Hi Scott,

You were bang on!! Thanks for the help. Things are smooth now.

Ajay.