I currently have a sensor version 3.0(1)S5 operating with a director 2.2.3, signature (4) communicating via IPsec. By my own testing I am receiving alerts, although I'm not sure if I'm receiving everything. Different testing alerts I would run with earlier versions are not registering now, although some are. Does this version setup look accurate; is there something I could be missing?
When you say that "Different testing alerts I would run with earlier versions are not registering now, although some are," are you saying that with 2.5 (or 2.2.1.x) sensors you would receive all of the alarms, but now that you have loaded 3.0 you are no longer receiving all of the alarms?
If so, the first thing to check would be the severity level of the alarms that you are watching for, and make sure that they were not accidentally changed during the upgrade process.
The next thing that could be happening is that you might be seeing a side effect of our new feature in 3.0 known as alarm summarization. Some alarms fire quite often under normal conditions and others fire often under attack conditions. To prevent these alarms from flooding the management console, these alarms were placed in summarization mode. So the first time the alarm fires it will generate an alarm, but then it starts counting alarms, and instead of sending every subsequent alarm it sends a single summary alarm with the count of how many alarms it saw during a time interval.
For more information on the new Summarization feature you can refer to the 3.0 documentation:
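An added example, not part of the original thread and not Cisco's code: a simplified Python model of the summarization behaviour described in the reply, showing why fewer alarms reach the director than test events were sent and how to reconcile the two. The 30-second interval, the signature names and the rule that a summary count covers only the suppressed alarms are assumptions.

```python
from collections import namedtuple

Alarm = namedtuple("Alarm", "ts sig_id kind count")

def summarize(events, interval=30):
    """events: list of (ts_seconds, sig_id), sorted by ts.
    Assumed model: the first hit per signature is sent as-is and opens a
    window of `interval` seconds; later hits in that window are only counted;
    one summary alarm carrying the count is sent when the window closes."""
    open_windows = {}  # sig_id -> [window_start, suppressed_count]
    out = []

    def close(sig_id):
        start, count = open_windows.pop(sig_id)
        if count:  # nothing was suppressed, so no summary is needed
            out.append(Alarm(start + interval, sig_id, "summary", count))

    for ts, sig_id in events:
        win = open_windows.get(sig_id)
        if win and ts >= win[0] + interval:
            close(sig_id)  # window expired before this hit arrived
            win = None
        if win is None:
            out.append(Alarm(ts, sig_id, "single", 1))
            open_windows[sig_id] = [ts, 0]
        else:
            win[1] += 1
    for sig_id in list(open_windows):
        close(sig_id)  # flush windows still open at end of input
    return sorted(out, key=lambda a: a.ts)

def accounted_for(alarms):
    """Detections represented per signature: singles plus summary counts."""
    totals = {}
    for a in alarms:
        totals[a.sig_id] = totals.get(a.sig_id, 0) + a.count
    return totals

# Constructed test traffic; signature names are placeholders.
EVENTS = [(0, "SIG-A"), (2, "SIG-A"), (5, "SIG-A"), (9, "SIG-A"),
          (12, "SIG-B"), (40, "SIG-A"), (41, "SIG-A")]

if __name__ == "__main__":
    alarms = summarize(EVENTS)
    for a in alarms:
        print(a)
    print(len(EVENTS), "events ->", len(alarms), "alarms", accounted_for(alarms))
```

When comparing test runs against the console, sum the counts in summary alarms rather than counting alarm rows; a row count lower than the number of test events is expected for summarized signatures.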