Have you enabled the virtual sensor (vs0) on the IPS?
If you IDM into the IPS, you can check the following:
Configuration --> Policies --> IPS Policies --> edit "vs0" --> tick "Assigned" for gig3/3 --> OK --> click "Apply"
I noticed that as soon as the interface comes back up it exceeds the threshold of the interface almost immediately. It's possible that the interface is oversubscribed. You want to check the amount of traffic you have going through the interface and see if you can limit them via ACL's.
The other thing I noticed is that along with the up/down alarms there are numerous TCP Segment Overwrite (1300-0) alerts in the alarm channel. The signature likely needs to be tuned for your environment.
Thanks for response, Yes I have already checked, IPS policy is properly applied. IPS interface is receiving around 300 Mbps traffic, but IPS is 4270, whose troughput is 4 gbps. below is the show interface statistics for my interface.
show interfaces gigabitEthernet3/2[C[C MAC statistics from interface GigabitEthernet3/2 Interface function = Sensing interface Description = SW1 Port 0/2 Media Type = TX Default Vlan = 0 Inline Mode = Unpaired Pair Status = N/A Hardware Bypass Capable = Yes when paired with GigabitEthernet3/3 Hardware Bypass Paired = No Link Status = Up Admin Enabled Status = Enabled Link Speed = Auto_1000 Link Duplex = Auto_Full Missed Packet Percentage = 99 Total Packets Received = 171259 Total Bytes Received = 1214483055 Total Multicast Packets Received = 26 Total Broadcast Packets Received = 0 Total Jumbo Packets Received = 0 Total Undersize Packets Received = 0 Total Receive Errors = 2073827 Total Receive FIFO Overruns = 1978 Total Packets Transmitted = 0 Total Bytes Transmitted = 132603584
Total Multicast Packets Transmitted = 0 Total Broadcast Packets Transmitted = 0 Total Jumbo Packets Transmitted = 0 Total Undersize Packets Transmitted = 0 Total Transmit Errors = 0 Total Transmit FIFO Overruns = 0
Please suggest. Inspection load of IPS is normal, my other interface of IPS is running in Inline which is working properly.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...