Cisco ASA remote access VPN issues
Posted on 2011-10-12
I have recently deployed remote access VPN services on our Cisco ASA 5510 firewall. It seems that some services are randomly blocked when on VPN; for example, an RDP connection to an internal server disconnects when left idle for 5 minutes, and then you can't even ping the server from the VPN connection.
The ASA device also has an IPS module, an AIP SSM20, with up-to-date signatures. I am not currently able to view the IPS through the ASDM / IDM interface; I am guessing there could be an issue with it. I am able to SSH to the management port on the IPS module though, and when I run a show health command it says that the overall health status is red. I am guessing this cannot be good?
I have the ASA and IPS events being logged to a Cisco MARS central syslog server. I have viewed the events sourced from these devices in MARS, and I am seeing many packets being dropped for traffic that should really be permitted. In particular, I see these two events: packets shunned, and deny packet - no xlate.
Like I said, the events above are occurring on traffic that should be allowed as per the configured security policy on the ASA.
Does anybody know what might be causing this? Maybe it is something that needs tuning in the IPS module, but as I said, I can't connect to it at the moment due to some unknown issue. Maybe the IPS module needs a reboot?
Any help on any of the above or any suggestions would be greatly appreciated.
Thanks in advance.
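Added example (not the poster's code or Cisco's): a small Python triage script that scans ASA syslog output for the two MARS events named above, shun hits (ASA message 401004) and no-xlate denies (ASA message 305005), and reports only those whose source is a VPN client address, which separates "the IPS blacklisted my client" from "no NAT rule matches the pool". The log lines, host name and the pool range 192.0.2.0/24 are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample syslog lines (made-up RFC 5737 addresses, not the
# poster's real logs). Formats follow the documented ASA messages 401004
# ("Shunned packet") and 305005 ("No translation group found"), the syslog
# side of the "packets shunned" and "deny packet - no xlate" MARS events.
SAMPLE_LOG = """\
Oct 12 2011 09:14:02 asa1 %ASA-4-401004: Shunned packet: 192.0.2.10 ==> 198.51.100.25 on interface outside
Oct 12 2011 09:14:05 asa1 %ASA-3-305005: No translation group found for tcp src outside:192.0.2.10/49211 dst inside:198.51.100.25/3389
Oct 12 2011 09:14:09 asa1 %ASA-6-302013: Built inbound TCP connection 12345 for outside:203.0.113.7/51000 (203.0.113.7/51000) to inside:198.51.100.40/443 (198.51.100.40/443)
Oct 12 2011 09:15:30 asa1 %ASA-4-401004: Shunned packet: 192.0.2.11 ==> 198.51.100.25 on interface outside
Oct 12 2011 09:16:00 asa1 %ASA-3-305005: No translation group found for icmp src outside:192.0.2.10/0 dst inside:198.51.100.25/0
"""

SHUN_RE = re.compile(r"%ASA-\d-401004: Shunned packet: (\S+) ==> (\S+) on interface (\S+)")
NO_XLATE_RE = re.compile(
    r"%ASA-\d-305005: No translation group found for (\w+) "
    r"src \S+?:(\S+?)/\d+ dst \S+?:(\S+?)/\d+"
)


def triage_asa_log(log_text, vpn_pool):
    """Pull shun and no-xlate drops whose source is a VPN client address.

    A shun hit means the IPS (or an admin) blacklisted that client, so its
    packets are dropped no matter what the access policy says; a no-xlate hit
    means the flow reached NAT with no matching rule (for example a missing
    NAT exemption for the VPN pool). Neither is an ACL decision, which is why
    traffic the policy permits still dies.
    """
    pool = ip_network(vpn_pool)
    shunned = Counter()   # VPN source -> number of shunned packets
    no_xlate = []         # (protocol, src, dst) flows with no NAT rule
    other = 0             # lines that are neither event
    for line in log_text.splitlines():
        m = SHUN_RE.search(line)
        if m and ip_address(m.group(1)) in pool:
            shunned[m.group(1)] += 1
            continue
        m = NO_XLATE_RE.search(line)
        if m and ip_address(m.group(2)) in pool:
            no_xlate.append((m.group(1), m.group(2), m.group(3)))
            continue
        other += 1
    return {"shunned": shunned, "no_xlate": no_xlate, "other": other}


if __name__ == "__main__":
    report = triage_asa_log(SAMPLE_LOG, "192.0.2.0/24")  # pool range is assumed
    for src, n in report["shunned"].most_common():
        print(f"shunned VPN client {src}: {n} packet(s); compare with 'show shun' on the ASA")
    for proto, src, dst in report["no_xlate"]:
        print(f"no xlate for {proto} {src} -> {dst}; check the NAT exemption for the pool")
```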