Cisco Support Community
noc
Community Member

IOS IDS block incoming http requests

Hello all!

I am trying to use IOS IDS version 12.2(16) for the 3660. The configuration is as follows:

ip audit attack action alarm drop reset
ip audit notify log
ip audit po max-events 100
ip audit smtp spam 350
ip audit name IDS-TTS info action alarm
ip audit name IDS-TTS attack action alarm drop reset
int FastEthernet0/1
 descr ### Internet connection ###
 ip audit IDS-TTS in

I see some warnings about wrong IP packets, something about ICMP, nothing terrible, but people outside can't connect to my web servers. If I try to telnet from an outside host to my web server on port 80, I see the following:

[roman@dns roman]$ telnet www.kht.ru 80
Trying 194.85.113.247...
Connected to www.kht.ru.
Escape character is '^]'.
Connection closed by foreign host.

If I disable IDS, then the connection works well, and connections to the web server work well too.

Maybe I am doing something wrong?

Thank you very much!!!

1 REPLY
Community Member

Re: IOS IDS block incoming http requests

I think that you probably do not have the access-list set up correctly. This URL has some configuration examples on it. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids5/csidscog/tasks.htm
