Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

iTunes streaming affected by AIP-SSM running 5.1(1)

It's been my experience that iTunes streaming of Internet radio stations is being interrupted by our AIP-SSM-10 running in inline mode. There are no alerts generated for the source or destination IP addresses in question. As soon as I change the class-map access-list to allow iTunes streaming traffic to bypass the IPS, the issue goes away. Any thoughts to what the issue could be?

2 REPLIES
Silver

Re: iTunes streaming affected by AIP-SSM running 5.1(1)

Itunes will not accept any connection from clients unless specified in the access list.

New Member

Re: iTunes streaming affected by AIP-SSM running 5.1(1)

This turned out to be an issue with the ASA not sending Out of Order packets to the IPS module.

According to TAC, the ASA will only queue up 3 OOO packets and will stop dropping after that.

We changed the queue-limit using a tcp-map:

!

tcp-map TCP-queue

queue-limit 25

!

class IPS-traffic

ips inline fail-open

set connection advanced-options TCP-queue

!

It's been working great ever since.

227
Views
0
Helpful
2
Replies