Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IPS/IDSM-2 , VPN Problem

I have following design for IPS and VPN concentrator.

Internet --> Router ---> IPS ----> VPN 3060.

When VPN from Internet to VPN 3060, all work fine. But weird is that when IPS is in inserted between router and VPN3060. The VPN client after login after a while ot when they start access application especially Windows remote desktop or CSM client access to CSM server ( I believed large packets MTU is use) the VPN connection get 'hang' mean the connectivity lost , the ping to intenal server suddent timeout...later the VPN session disconnect.

If the inline IPS is remove the path ... all very fine.

What cause IPS block the VPN trafic ?

Anyone experience it ?

Cisco Intrusion Prevention System, Version 5.1(1)S231.0


Realm Keys key1.0

Signature Definition:

Signature Update S231.0 2006-06-05

Virus Update V1.2 2005-11-24

OS Version: 2.4.26-IDS-smp-bigphys

Platform: WS-SVC-IDSM2-BUN

New Member

Re: IPS/IDSM-2 , VPN Problem


all depends on firing signatures and action rules

be sure to disable deny * inline, etc. for all signatures

also engine normalizer can make troubles

hope that helps a bit



Re: IPS/IDSM-2 , VPN Problem


Did you start having this issue after updgrading to signature S231? I have been seeing issues of out of order packet drops since doing so. I also went from S231 to S232 in hopes of it clearing up.

I am currently working this issue with Cisco TAC and have not confirmed the IPS to be the issue. I will update when I have more info.