Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

OUT / OUT and getting internal addys IN

No matter what I try, all my events are reported as OUT/OUT.

I've added internal networks under sensor properies, even specific IP addresses. The Event Viewer always reports "OUT/OUT". Now, my "Internet Perimeter", which my whole topology is established under, is in the "Untrusted" section of Policy Domains. Does that matter?

How can I get my internal nets to be listed as IN? The hopes is that the Event Viewer will report events that have a source address of my networks as "IN/OUT".

Thanks.

1 REPLY
New Member

Re: OUT / OUT and getting internal addys IN

After you enter the internal network on the sensor's properties tab, do a File>>Save&Update.

Then do an approve now to push it out to your sensor.

Then telnet to your sensor and look at the following file:

/usr/nr/etc/packetd.conf

You should see:

RecordOfInternalAddress - your internal address & mask

Also, take a look at the time the file was generated to make sure that it was actually modified when you thought it was.

HTH

Jeff

78
Views
0
Helpful
1
Replies
CreatePlease login to create content