I've spend many hours over the last week working on intermittant sensing interface failures on our IPS sensors (models 4235,4240,4250,4255) after an upgrade to 5.1-1a. I even rebuild 6 sensors from scratch using an 5.1-1a ISO image, and 5 out of the 6 have failed. I believe there is something seriously wrong with version 5.1(1). Cisco doesn't seem all that interested in troubleshooting and simpy told me to rebuild my sensors as 5.0 (I have 3 data centers and 20 sensors).
Another fine example of Cisco's fine software development and QA. If I seem bitter, it's only because I am;-)
I've also had issues with 5.1-1. Fortunately, I only upgraded 5 of our 16 4255's. Tried everything to work around the issues, but ended up reverting back to a 5.0-2 image, which must be done onsite via console port on the 4255. Only then was I able to update to 5.0-5 and latest sigs. Don't think I'll try a version upgrade again without testing it on a single sensor for a week or so. Cisco still has no fix for this yet. Live and learn.
I have sucessfully re-imaged x2 IPS4255s locally. Then upgraded my IDS/Sec Mon v2.1 to IPS MC 2.2 and Sec Mon 2.2 since doing this I can no longer push signatures out. The IPS MC produces the following message:
The Sensor reports its V version as V1.0 but the MC reports V version.
I have tried to re-import and even deleted a sensor of the IPS MC, I can no longer get it back in!
So something is certainly up with the software.
PS. receiver.exe has started to hog the CPU now as well.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...