All,
I have a confusing issue that I was wondering if anyone else had seen. We were in the process of evaluating the IPS functionality of our 3600C's (5.0.7). In order to get enough hits to do a proper evaluation we created a transparent VDOM and setup interface pairs (2 LAGS, each with 2 10 gig multimode interfaces). On these pairs we setup IPS with all signatures in monitor mode only. This was on two policies, from the switch to our core and one from the core to our switch. This appeared to be working okay but then we starting getting complaints from a group in our department. They are running IBM PCom (personal communications) that goes out and attaches to our mainframe via tcp port 23. On the initial attempt it times out. On the second attempt it works and stays active for a couple of hours before timing out and the process starts again...
I have done a packet capture and don't see anything out of the ordinary. I was just wondering if anyone has had similar issues with transparent VDom and IPS...
Thanks in advance...
