Community Member

Layer 4 http access issue IPS 4270-20

Hi there,

PFA,

We are facing an issue while accessing one of our servers in the DMZ, which is connected to a 2960 switch in the DMZ, from the inside segment of the ASA.

We have two IPS boxes which are connected as per the attached network diagram.

We are able to access that particular server in the DMZ when the primary PIX is active and the primary ASA is active, from the inside zone of the ASA.

But when the PIX fails over (secondary is active), I am not able to have HTTP access to the server, though ping works fine. Also, when the ASA also fails over (secondary ASA is active), the problem gets resolved and HTTP access to the server is available.

The two IPSes have been connected in inline mode as per the network diagram, with the default signature and event action policy.

If we bypass the IPS by directly connecting the PIX to the DMZ switch, the server is HTTP accessible again. But as soon as the IPS is enabled again, HTTP stops but ping works.

We suspected the IPS was blocking it, but there are no event logs on either IPS.

Is there any way we can bypass traffic for that particular server through the IPS?

Please let me know if you need anything to troubleshoot.

Regards

Gautam

1 REPLY
Community Member

Re: Layer 4 http access issue IPS 4270-20

Please assume one server connected to any of the DMZ 2960 switches shown in the network diagram, as I have missed it there for brevity.

Note: Thanks anyway, the issue has been resolved now. It was due to anomaly signature detections. We are still monitoring it.
