Cisco Support Community

New Member

Okena StormWatch or Cisco Security Agent

I applied the default desktop group and I cannot ping or trace route to the machine. I can share drives on that machine from other machines. The security agent is not logging the reason for the drop. Any idea which policy or rule is causing this?

Thanks

Pradeep

3 REPLIES
New Member

Re: Okena StormWatch or Cisco Security Agent

Have you denied ICMP packets using any access lists??

New Member

Re: Okena StormWatch or Cisco Security Agent

During our initial eval of the new CSA product, we encountered the same thing. If I remember correctly it has to do with the network shim. There is a rule in that policy that killed ICMP. HTH.

New Member

Re: Okena StormWatch or Cisco Security Agent

Hi Pradeep

I had the same thing happen to me. Here's what I did:

Under Policies:DesktopModulesWindows:Rules:NetworkShield:transport security (I think it's rule 214) you will find

Cloak System ..

Simply uncheck this feature

Save and generate new rules

This should allow you to ping or trace route to the machine.

We created a simple rule set by copying the Default Desktop to create a new Cloned Default Desktop, removed all the complex rules and tested, then added rules one by one to get what we wanted.

You do not want to run with all these rules in place, it will drive you nuts! lol

Good Luck!

Mike
