IOS IPS is very very picky and tricky. I remember having similar problems when we deployed it for the customer. They were running quite beefy routers (ISR2 with 15.x software) but managing it with CCP or CSM was a pain in the back. Then we changed it to the basic set from advanced and configured everything from CLI. Try to reset everything and start working with IOS IPS via CLI. It seems intimidating at the start but then you'll quickly understand the syntax.
Eugene From: Carlos Alberto Campos Jardim <[email protected]<mailto:[email protected]>> Date: Friday, June 1, 2012 4:51 AM To: Kingsley Charles <[email protected]<mailto:[email protected]>> Cc: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: [OSL | CCIE_Security] RES: IOS IPS troubleshooting At this time I am managing with CCP. Do you know how to fix it? All signatures were tuned to only produce-alert and IOS IPS keeps reseting connections without providing any alarm.. De: Kingsley Charles [mailto:[email protected]] Enviada em: sexta-feira, 1 de junho de 2012 03:49 Para: Carlos Alberto Campos Jardim Cc: [email protected]<mailto:[email protected]> Assunto: Re: [OSL | CCIE_Security] IOS IPS troubleshooting It is some issue with tcp socket having src port of 443. Are managing it with SDM or CCP? With regards Kings On Thu, May 31, 2012 at 9:23 PM, Carlos Alberto Campos Jardim <[email protected]<mailto:[email protected]>> wrote: Hi guys, I have configured IOS IPS and I getting the following messages: *May 31 12:28:59: %IPS-6-TIMEOUT_EVENT: Synwait timer timeout event. *May 31 12:28:59: %IPS-6-SEND_TCP_PAK: Sending TCP packet:(12.12.12.12:443)=>(44.44.44.44:2985<http://44.44.44.44:2985>),tcp flag:0x4, pak:0x3187DEDC, iso:0x2CCD0C60,tcp seq:0x0, tcp ack:0x0, tcp_window:65535, ip_checksum:0xDA60, Serial0/0/0,feat_flags:0x10000, fast_path(no) >From statistics I can see: Lab_ips_Eng#sh ip ips statistics Interfaces configured for ips 1 Session creations since subsystem startup or last reset 131182 Current session counts (estab/half-open/terminating) [0:907:0] Maxever session counts (estab/half-open/terminating) [2:1000:1] Last session created 00:00:09 Last statistic reset 00:02:17 TCP reassembly statistics Out-of-order packets dropped 0 Do you guys have any insight about these errors? Best regards! Carlos Jardim _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com<http://www.ipexpert.com> Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com<http://www.PlatinumPlacement.com>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
