Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix C Troubleshooting
Troubleshooting the ASA 5500 AIP SSM
1311.0
1315.0
1316.0
1317.0
1330.0
1330.1
1330.2
1330.9
1330.10
1330.12
1330.14
1330.15
1330.16
1330.17
1330.18
The ASA 5500 AIP SSM and Jumbo Packet Frame Size
Refer to the following URL for information about the ASA 5500 AIP SSM jumbo packet frame size:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1328869
Note: A jumbo frame is an Ethernet packet that is larger than the standard maximum of 1518 bytes (including Layer 2 header and FCS).
The ASA 5500 AIP SSM and Jumbo Packets
The jumbo packet count in the show interface command output (the lines Total Jumbo Packets Received and Total Jumbo Packets Transmitted) for ASA IPS modules may be larger than expected, because some packets that were almost jumbo size on the wire are counted as jumbo size by the IPS. This miscount is a result of header bytes added to the packet by the ASA before the packet is transmitted to the IPS. For IPv4, 58 bytes of header data are added. For IPv6, 78 bytes of header data are added. The ASA removes the added IPS header before the packet leaves the ASA.
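The following added example (not part of the Cisco guide) models the miscount described above so that an inflated jumbo counter can be reconciled against on-wire frame sizes. It assumes the IPS compares the frame length after the ASA header is added against the 1518-byte standard maximum; the function names are hypothetical and the frame sizes are constructed sample data.

```python
"""Added example: estimate jumbo-counter inflation on an ASA IPS module."""
from collections import Counter

STANDARD_MAX = 1518          # bytes, incl. Layer 2 header and FCS (from the note)
ASA_HEADER = {4: 58, 6: 78}  # header bytes the ASA adds per IP version (from the text)


def size_seen_by_ips(wire_len: int, ip_version: int) -> int:
    """Frame length as the IPS sees it, after the ASA adds its header."""
    if ip_version not in ASA_HEADER:
        raise ValueError(f"unsupported IP version: {ip_version}")
    return wire_len + ASA_HEADER[ip_version]


def classify(wire_len: int, ip_version: int) -> str:
    """Return 'jumbo', 'miscounted' (near-jumbo counted as jumbo) or 'standard'."""
    if wire_len > STANDARD_MAX:
        return "jumbo"
    # Assumption: the IPS applies the 1518-byte limit to the padded length.
    if size_seen_by_ips(wire_len, ip_version) > STANDARD_MAX:
        return "miscounted"
    return "standard"


def miscount_window(ip_version: int) -> range:
    """On-wire lengths that are not jumbo but would be counted as jumbo."""
    return range(STANDARD_MAX - ASA_HEADER[ip_version] + 1, STANDARD_MAX + 1)


def reconcile(frames):
    """frames: iterable of (wire_len, ip_version) pairs."""
    tally = Counter(classify(length, ver) for length, ver in frames)
    return {
        "true_jumbo": tally["jumbo"],
        "ips_reported_jumbo": tally["jumbo"] + tally["miscounted"],
        "overcount": tally["miscounted"],
    }


# Constructed sample: (on-wire length in bytes, IP version)
SAMPLE_FRAMES = [(1518, 4), (1460, 4), (1461, 4), (9000, 4),
                 (1440, 6), (1441, 6), (1500, 6), (64, 4)]

if __name__ == "__main__":
    print(reconcile(SAMPLE_FRAMES))
    print(miscount_window(4), miscount_window(6))
```

Under this model, IPv4 frames of 1461 to 1518 bytes and IPv6 frames of 1441 to 1518 bytes on the wire are the ones that inflate the counter.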
TCP Reset Differences Between IPS Appliances and ASA IPS Modules
The IPS appliance sends TCP reset packets to both the attacker and victim when reset-tcp-connection (Reset TCP Connection) is selected. The IPS appliance sends a TCP reset packet only to the victim under the following circumstances:
When deny-packet-inline (Deny Packet Inline) or deny-connection-inline (Deny Connection Inline) is selected