Cisco Support Community
Community Member

IPS Blocking out Outlook connectivity of VPN Users.

Cisco IPS 4240, v5.1(3)S255

VPN users of our client's organization are complaining that the Outlook connectivity to Exchange through VPN is getting frequently timed out. Even if they do connect, the connection simply hangs in the middle of transferring mail. This problem is visible only with VPN Users. Local LAN users are not facing any such issues.

When the IPS is put in the bypass mode, the VPN users have no performance issues. To mitigate this issue, we even tried filtering out all the blocking actions other than logging packets on all signatures between the IPs allocated for VPN users, and the Exchange Server IPs. Still the same problem persists.

This is causing immense difficulties since there are a number of roaming users in the client's organization, and the issue has reached crisis proportions. Urgent help is required. Thanks in advance.

2 REPLIES
Bronze

Re: IPS Blocking out Outlook connectivity of VPN Users.

I believe you are running into a bug where TCP streams were being timed out after 36 seconds of inactivity (vice the 3600 that was supposed to be in effect). I suggest installing the 5.1(4) service pack and the S263 signature update to bring your binaries up to the latest versions.

For diagnostic purposes, you could try tuning signature 1301 to turn on produce alert and setting the tcp-idle-timeout value to a much larger number, say 360000 due to the /100 factor.

Community Member

Re: IPS Blocking out Outlook connectivity of VPN Users.

Hi Scott,

You were bang on!! Thanks for the help. Things are smooth now.

Ajay.
