I'm having the same problems here, but I would venture to say that the problems we are experiencing are limited to filters which use an IP Range for the Source or Destination IP fields. If we change the range to an asterisk (*) then the filter works. Change it back to a range statement, and it doesn't work. This may be the case with your problem. If so, recommend you open a TAC Case as I have and lets get Cisco to fix the problem.
I know there were import issues with IDS MC when adding a previously confifured sensor which contained address ranges in the filters and also the same problem with filters which used the asterisk (*) in the SubSig field. Seems IDS MC when importing filters, is not expecting the SubSig field. So when it imports the filter the entry in the SubSig field becomes the entry for the Source IP (everything gets shifted right one field) causing an error because there was data read after the expected end of the Destination IP field. I have a TAC Case open for this one also.
A very late response, but to conclude this one, here is a resume of what has happened. There were two things :
1. Using the proper procedure for changing the sensor config via ids mc : you have to save first all changes into the database ; generate a new config for this sensor ; approve it ; deploy the new config on the specific sensor
2. But even on using the proper procedure, sometimes the deployment fails due to the fact that the sensor is not ready/is too busy for deploying a new config. So the thing is to wait until the sensor has not much to do. And it has nothing to do with the CPU that is overloaded, because this problem is already happening at less than 20% usage. Even with our high capacity idsm-2 blades we have this problem.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...