I’m using an RVS4000 on a small network of 5 Apple Macs. This was recently installed so I’m working out the early problems.
When the Apple Software Update app (OS 10.6.4) runs it successfully finds new software - but, when it attempts to download the software SU can’t connect. I found that the router IPS software sees this as a CHAT ICQ login attempt -2. Comes usually from a network with IP addresses of 96.00.00.00. Aside from allowing all entry from this domain how can I solve this? This must have been reported before - but I can’t find it. Thanks.
I have what sounds like the same problem, RVS4000, firmware V126.96.36.199, IPS Signature 1.42. Only, my network is a network of IBM PCs running Windoz XP SP3.
The symptom is that a download starts out well and runs for several (or 50 sometimes) MBytes OK and then suddenly halts. Sometimes retrys succeed in letting the download go a little farther, but it seems to just get slower and slower. I started looking at the connections my Browser (Internet Explorer 8.0.6001.18702) had open and discovered several connections to some strange sites. These appear to be servers that host a fixed IP address for downloads. One example is: a96-17-111-48.deploy.akamaitechnologies.com:http (188.8.131.52:80). There are other domains that seem to do the same thing.
It wasn't always this way. I installed the RVS4000 updates around 6/10/2010. Howver, my trouble didn't start until I tried to download a 3GByte Fedora 14 Linux update on 12/5/2010. The download ran OK for about 2.5 GBytes and then halted. From then on any large download almost always stopped part way through. Also, the limit of how many MBytes it would load before halting seemed to get shorter and shorter. Very wierd. It was only today that I took a good look at my firewall logs and noticed that some of the same IP addresses that were hosting the downloads were causing errors in the IPS log: "Chat ICQ Login attempt-2". When I searched the web for that message, this thread popped up.
I tried disabling the IPS function and my download completed. I now have IPS re-enabled with all categories enabled except for ICQ in the P2P/IM group. My downloads are working OK for now (what a relief).
I have wild paranoid theories about what has caused this :-) but I will wait until I do a little packet sniffing into what those servers are trying to do. If you or Stijn have more information about this problem, I'd be glad to hear it.
I’m a physician with only a peripheral knowledge of these problems. However, I found that my problems stopped when I disabled IPS. Also, a considerable bandwidth hit caused by the IPS was avoided. (25 mbs download speed now up to 60 with IPS off, Comcast Cable)
FWIW, Apple uses Akami Tech for a lot of their software downloads. So I see it used a lot in my Mac network.
I do wish Cisco would review and update the IPS system in this router, so I can use it.
Sorry, not much help. If anything really feeds your paranoia be sure to let us know.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...