Issue with IPS alerts involving Secure Content Accelerator
We have deployed CSS-SCA Secure Content Accelerator to terminate the SSL connection from the clients, and the traffic between CSS-SCA and servers is HTTP on port/80. Our IPS sensors (deployed in detection mode) see this HTTP traffic and trigger alarms, but the source IP shows up as the CSS-SCA device and the destinations are our servers, as the SSL connection is terminated in SCA. How do we handle this scenario and figure out who the attacker is? We are currently not forwarding logs from CSS-SCA to CW-SIM (Netforensics). Even if I have access to SCA logs, how do I link this alarm to a particular client (external IP)? There could be multiple clients talking to our server at the same time!! Is Cisco MARS SCA-aware and can it handle this scenario well by correlating with SCA logs?
Re: Issue with IPS alerts involving Secure Content Accelerator
After you have set up a "load definition" for the signature package file to be copied to the idconf, you must configure an IPS rule name. Use this task to configure an IPS rule name and start the IPS configuration.
You can also use this task to configure a Cisco IOS IPS signature location, which tells Cisco IOS IPS where to save signature information.
The configuration location is used to restore the IPS configuration in case the router reboots or IPS is disabled or reenabled. Files, such as signature definition, signature-type definitions, and signature category information, are written in XML format, compressed, and saved to the specified IPS signature location.