Re: ACL block entries are not added in 6500 IOS switch by IPS

From: Radioactive Frog <pbhatkoti_at_gmail.com>
Date: Sun, 9 Oct 2011 15:53:49 +1100

If it was working before and not working anymore - most likely the ACL is
hitting the maximum ACL entries.
Look for block-max-entries or similar, it was by default about 200. You may
need to bump it up.

HTH

On Wed, Oct 5, 2011 at 11:46 PM, Vladislav Yezhergin
<vlad_ezh_at_hotmail.com> wrote:

> The situation is the following:
> IPS device - IPS4260 7.0(6)E4
> ARC device - 6500 IOS 12.2(33)SXI5
> 6500 has 2 Internet connections - vlan2 and vlan11 are according L3 interfaces.
> IPS works in promiscuous mode, traffic captured using VACL capture on vlan2 and
> vlan11. The servers which must be protected are in vlan 8, I need to setup
> outgoing block ACL on Vlan8 L3 interface. I have two problems with this
> configuration:
> 1) IPS did not enter blocked hosts and connections into the ACL. I see that
> the ACL on interface is regularly changed from IDS_Vlan8_out_1 to
> IDS_Vlan8_out_0, but no block entries are added.
> 2) If I try to read running config I regularly got the warning that the
> configuration is not accessible.
> How often should the IPS change the block ACLs? Why doesn't it add the block
> entries? Thanks for any clue
> Regards
> Vladislav Yezhergin
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Sun Oct 09 2011 - 15:53:49 ART
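A small audit script for the two conditions discussed in this thread (an IPS-managed ACL that rotates but never receives block entries, and an ACL approaching the block-max-entries limit). This is an added example, not code from either poster or from Cisco; it assumes the IPS names its ACLs in the IDS_<interface>_<n> pattern seen above, treats every `deny` ACE in such an ACL as an IPS-pushed block, and uses the ~200 default the reply mentions. The `show ip access-lists` output it parses is constructed.

```python
"""Audit IOS 'show ip access-lists' output for IPS-managed block ACLs."""
import re

ACL_HEADER = re.compile(r"^Extended IP access list (\S+)$")
# seq, action, protocol, remainder, optional "(N matches)" suffix
ACE_LINE = re.compile(r"^\s+(\d+)\s+(permit|deny)\s+(\S+)\s+(.*?)(?:\s+\(\d+ matches\))?$")
MANAGED_ACL = re.compile(r"^IDS_\w+_\d+$")  # assumption: IPS/ARC-generated ACL names

# Constructed sample output: out_0 rotated in with only the baseline permit,
# out_1 carries two IPS blocks, MGMT_IN is an operator-owned ACL to be ignored.
SAMPLE = """\
Extended IP access list IDS_Vlan8_out_0
    10 permit ip any any
Extended IP access list IDS_Vlan8_out_1
    10 deny ip host 198.51.100.7 any (12 matches)
    20 deny tcp host 198.51.100.8 host 192.0.2.5 eq www
    30 permit ip any any (904 matches)
Extended IP access list MGMT_IN
    10 permit tcp 192.0.2.0 0.0.0.255 any eq 22
"""


def parse_access_lists(text):
    """Return {acl_name: [(seq, action, proto, rest), ...]} for every ACL shown."""
    acls, current = {}, None
    for line in text.splitlines():
        m = ACL_HEADER.match(line)
        if m:
            current = m.group(1)
            acls[current] = []
            continue
        m = ACE_LINE.match(line)
        if m and current is not None:
            seq, action, proto, rest = m.groups()
            acls[current].append((int(seq), action, proto, rest))
    return acls


def audit_block_acls(text, max_entries=200, warn_ratio=0.9):
    """Flag each IPS-managed ACL as no_blocks, near_limit or ok."""
    report = {}
    for name, aces in parse_access_lists(text).items():
        if not MANAGED_ACL.match(name):
            continue  # not pushed by the IPS, out of scope
        blocks = [a for a in aces if a[1] == "deny"]
        if not blocks:
            status = "no_blocks"   # the symptom in the thread: ACL rotates, nothing blocked
        elif len(aces) >= warn_ratio * max_entries:
            status = "near_limit"  # block-max-entries nearly reached; new blocks get dropped
        else:
            status = "ok"
        report[name] = {"entries": len(aces), "blocks": len(blocks), "status": status}
    return report
```

Feed it the real `show ip access-lists` output and raise the threshold if your block-max-entries is set higher than the default.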

This archive was generated by hypermail 2.2.0 : Tue Nov 15 2011 - 13:10:29 ART