Cisco IPS 7.1 Installation Guide Page 346

  • Download
  • Add to my manuals
  • Print
  • Page
    / 422
  • Table of contents
  • TROUBLESHOOTING
  • BOOKMARKS
  • Rated. / 5. Based on customer reviews
Page view 345
E-76
Cisco Intrusion Prevention System Appliance Hardware Installation Guide for IPS 7.1
OL-24002-01
Appendix E Troubleshooting
Troubleshooting the ASA 5585-X IPS SSP
1330.12
1330.14
1330.15
1330.16
1330.17
1330.18
For More Information
For detailed information about the Normalizer engine, see Normalizer Engine.
The ASA 5585-X IPS SSP and Jumbo Packet Frame Size
Refer to the following URL for information about ASA 5585-X IPS SSP jumbo packet frame size:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1328
869
Note A jumbo frame is an Ethernet packet that is larger than the standard maximum of 1518 bytes (including
Layer 2 header and FCS).
The ASA 5585-X IPS SSP and Jumbo Packets
The jumbo packet count in the show interface command output from the lines Total Jumbo Packets
Received
and Total Jumbo Packets Transmitted for ASA IPS modules may be larger than expected
due to some packets that were almost jumbo size on the wire being counted as jumbo size by the IPS.
This miscount is a result of header bytes added to the packet by the ASA before the packet is transmitted
to the IPS. For IPv4, 58 bytes of header data are added. For IPv6, 78 bytes of header data are added. The
ASA removes the added IPS header before the packet leaves the ASA.
TCP Reset Differences Between IPS Appliances and ASA IPS Modules
The IPS appliance sends TCP reset packets to both the attacker and victim when Reset TCP Connection
is selected. The IPS appliance sends a TCP reset packet only to the victim under the following
circumstances:
When a Deny Packet Inline or Deny Connection Inline is selected
When TCP-based signatures and Reset TCP Connection have NOT been selected
In the case of the ASA IPS module, the TCP reset request is sent to the ASA, and the ASA then sends
the TCP reset packets. The ASA sends TCP reset packets to both the attacker and victim when the Reset
TCP Connection is selected. When Deny Packet Inline or Deny Connection Inline is selected, the ASA
sends the TCP reset packet to either the attacker or victim depending on the configuration of the
signature. Signatures configured to swap the attacker and victim when reporting the alert can cause the
ASA to send the TCP reset packet to the attacker.
For More Information
For detailed information about event actions, refer to Event Actions.
Page view 345
1 ... 345 346 347 ... 422

Comments to this Manuals

No comments