Thanks for your info. I will contact the customer and discuss those things.
Also, I want to know the following on the IPS in-line:
1. The IPS is connected behind the firewall PIX 525 in in-line mode. An interface pair was created and 2 interfaces were made members of the pair. I assigned the pair to the engine. Here I did not do any tuning of the signature configuration. All the sigs are enabled as default. As soon as the IPS is placed in the network in-line, it stops the network from going out; when I put it in bypass mode, it works. Please could you give the basic config to make the IPS work in in-line mode. The inside network is the one with 3 networks (192.168.100.0, 101.0, 102.0).
The IPS inside interface sits in the 192.168.100.0 network, and the other 2 networks are in 2 VLANs of the core switch 4507R. The IPS outside interface is in line with the PIX firewall failover pair. The firewall pair outside connects to the internet router 3825, which reaches the internet using ADSL.
I also want to know how to choose only those sigs that are required for the internal networks.
How are you reviewing the alerts that are generated from the IPS?
We use Security Monitor to view these events. I would suggest that you go ahead and put it inline - do an action-override 0-100 - then see what is coming up as "true" for denying. You can start to weed out possible causes that way. I'm sure there are more effective measures, but this one seems to have worked for me.
This is really off the top, as I will think a little more in depth on the issue. You know the pairs are set up correctly for the most part. Looks like the problematic finger points at either the engine or signatures.