Cisco ASA - turn off all Intrusion Detection/Prevention

I have an ASA 5510 on the perimeter of my network.  During PCI-compliance scans, it seems to be inhibiting the security company from completing the test.  I originally had "Enable basic threat detection" checked, because I thought that only logged threats.  And then I unchecked even that, but the security scan still fails with a note that states that Interference is being detected.  Is there another area of the FW that also supports intrusion detection settings?  Or do I possibly have some unknown device on my network causing trouble?  thanks
SIDESHOWBLAHAsked:
Who is Participating?
 
ryan80Commented:
If you look at this manual, you will see that you have to define the traffic that is being sent to the  IPS module.

http://www.cisco.com/en/US/docs/security/ips/5.1/configuration/guide/cli/cliSSM.html#wp1030972

So if you remove the policy-map or class that is being used to define the IPS inspection, nothing will go to the IPS module.
0
 
SIDESHOWBLAHAuthor Commented:
I have removed the IPS reference entirely.
0
 
ryan80Commented:
Then nothing should be going through the IPS module.

What makes them think that there is interference?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.