Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
438
Views
0
Helpful
2
Replies

iTunes streaming affected by AIP-SSM running 5.1(1)

jshelmer
Level 1
Level 1

‎05-22-2006 03:43 PM - edited ‎03-10-2019 03:01 AM

It's been my experience that iTunes streaming of Internet radio stations is being interrupted by our AIP-SSM-10 running in inline mode. There are no alerts generated for the source or destination IP addresses in question. As soon as I change the class-map access-list to allow iTunes streaming traffic to bypass the IPS, the issue goes away. Any thoughts to what the issue could be?

Labels:
0 Helpful
2 Replies 2

b.hsu
Level 5
Level 5

‎05-26-2006 11:10 AM

Itunes will not accept any connection from clients unless specified in the access list.

0 Helpful

jshelmer
Level 1
Level 1

‎06-26-2006 08:34 AM

This turned out to be an issue with the ASA not sending Out of Order packets to the IPS module.

According to TAC, the ASA will only queue up 3 OOO packets and will stop dropping after that.

We changed the queue-limit using a tcp-map:

!

tcp-map TCP-queue

queue-limit 25

!

class IPS-traffic

ips inline fail-open

set connection advanced-options TCP-queue

!

It's been working great ever since.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card