I'm having an ongoing problem where the only IP that is being permitted to connect to the sensor is the one at the top of the access list (which automatically places it at the head of the line in the hosts.allow).
I have experimented with changing the order of the list via the Cisco username interface.
So what I'm stuck with basically is only being able to access the sensor through the console, which I leave at the top of the list. I need to be able to use the IDM tool from other workstations, but right now all I can do is use the console.
You should also check the file permissions on the /usr/cids/idsRoot/shared/host.conf file. This file should be owned by cids with owner/group write enabled. There was a bug where this file was changed to be owned by root. If this is the case, then: