How often should the IPS change the block ACLs?
>> global-block-timeout is another entry that decides how often
On Sun, Oct 9, 2011 at 3:53 PM, Radioactive Frog <pbhatkoti_at_gmail.com> wrote:
> If it was working before and not working anymore - most likely the ACL is
> hitting the maximum ACL entries.
> Look for block-max-entries or similar, it was by default about 200. You may
> need to bump it up.
>
> HTH
>
>
> On Wed, Oct 5, 2011 at 11:46 PM, Vladislav Yezhergin <vlad_ezh_at_hotmail.com> wrote:
>
>> The situation is the following:
>> IPS device - IPS4260 7.0(6)E4
>> ARC device - 6500 IOS 12.2(33)SXI5
>> 6500 has 2 Internet connections - vlan2 and vlan11 are according L3 interfaces.
>> IPS works in promiscuous mode, traffic captured using VACL capture on vlan2
>> and vlan11.
>> The servers which must be protected are in vlan 8, I need to set up outgoing
>> block ACL on Vlan8 L3 interface.
>> I have two problems with this configuration:
>> 1) IPS did not enter blocked hosts and connections into the ACL. I see that
>> the ACL on interface is regularly changed from IDS_Vlan8_out_1 to
>> IDS_Vlan8_out_0, but no block entries are added.
>> 2) If I try to read running config I regularly got the warning that the
>> configuration is not accessible.
>> How often should the IPS change the block ACLs? Why doesn't it add the
>> block entries? Thanks for any clue
>> Regards
>> Vladislav Yezhergin
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Received on Sun Oct 09 2011 - 15:55:01 ART
This archive was generated by hypermail 2.2.0 : Tue Nov 15 2011 - 13:10:29 ART