We have an ASA5520 running with an AIP-SSM 10 IPS module. The IPS module is in inline mode. We are having some problems. Currently it's handling 30 to 40 Mbps of data. The problem is that I am getting high latency from my LAN. If I bypass the IPS I get 1 ms latency, whereas if I use the IPS I get 120 ms to 160 ms, which is creating some problems running some of my applications like Team 2.
Below is part of my ASA config.
policy-map type inspect dns migrated_dns_map_1
message-length maximum 512
inspect dns migrated_dns_map_1
inspect h323 h225
inspect h323 ras
ips inline fail-open
set connection advanced-options mss-map
What I did today: I just omitted from my ASA the two lines which are
ips inline fail-open
by giving "no class brac-ips-class" and nothing else. I didn't even save it. Everything was just fine, but suddenly I found my network down. When it became OK, I found that the ASA had reloaded automatically and was back to its original configuration.
Could you please tell me why it happened?
What other config do I have to erase to bypass the IPS?
Here I am also giving the sh ver of my IPS module for your suggestions. Please let me know if my IPS has reached its maximum capacity, or any guidelines.
bblsensor# sh ver
Cisco Intrusion Prevention System, Version 5.1(5)E1
Realm Keys key1.0
Signature Update S278.0 2007-03-28
Virus Update V1.2 2005-11-24
OS Version: 2.4.26-IDS-smp-bigphys
Serial Number: JAF1124071C
No license present
Sensor up-time is 45 days.
Using 682496000 out of 1054670848 bytes of available memory (64% usage)
system is using 17.4M out of 29.0M bytes of available disk space (60% usage)
application-data is using 45.8M out of 166.8M bytes of available disk space (29% usage)
boot is using 35.3M out of 68.6M bytes of available disk space (54% usage)