Cisco IPS 7.1 Installation Guide Page 321

  • Download
  • Add to my manuals
  • Print
  • Page
    / 422
  • Table of contents
  • TROUBLESHOOTING
  • BOOKMARKS
  • Rated. / 5. Based on customer reviews
Page view 320
E-51
Cisco Intrusion Prevention System Appliance Hardware Installation Guide for IPS 7.1
OL-24002-01
Appendix E Troubleshooting
Troubleshooting the Appliance
Caution The syslog is much slower than logApp (about 50 messages per second as opposed to 1000 or so). We
recommend that you enable debug severity on one zone at a time.
TCP Reset Not Occurring for a Signature
If you do not have the event action set to reset, the TCP reset does not occur for a specific signature.
Note TCP Resets are not supported over MPLS links or the following tunnels: GRE, IPv4 in IPv4, IPv6 in
IPv4, or IPv4 in IPv6.
To troubleshoot a reset not occurring for a specific signature, follow these steps:
Step 1 Log in to the CLI.
Step 2 Make sure the event action is set to TCP reset.
sensor# configure terminal
sensor(config)# service signature-definition sig0
sensor(config-sig)# signatures 1000 0
sensor(config-sig-sig)# engine atomic-ip
sensor(config-sig-sig-ato)# event-action reset-tcp-connection|produc-alert
sensor(config-sig-sig-ato)# show settings
atomic-ip
-----------------------------------------------
event-action: produce-alert|reset-tcp-connection default: produce-alert
fragment-status: any <defaulted>
specify-l4-protocol
-----------------------------------------------
no
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
specify-ip-payload-length
-----------------------------------------------
no
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
specify-ip-header-length
-----------------------------------------------
no
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
specify-ip-tos
-----------------------------------------------
--MORE--
Step 3 Exit signature definition submode.
sensor(config-sig-sig-ato)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]:
Step 4 Press Enter to apply the changes or type no to discard them.
Page view 320
1 ... 320 321 322 ... 422

Comments to this Manuals

No comments