https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5238158#M1118304 <P>The control plane ACL has a blacklist of known bad IP addresses, then a whitelist with every IP I could find/trust. This included the list of our partner orgs servers and it would still stop working after an amount of time.</P><P>Looking into the RAVPN protection you listed, I was able to upgrade to 9.18(4). I see that it listed 9.18(4)40. I'm unsure of the difference. If it helps we are running an ASAv</P> Tue, 17 Dec 2024 23:22:11 GMT zgovernale 2024-12-17T23:22:11Z https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5237554#M1118272 <P>Cisco ASA Software Version 9.18(3)55</P><P>SSP OS Version 2.12(0.519)</P><P>I've been working with a managed service partner to try Whitelisting as a way to combat brute-force attacks. I've added a whitelist of known IP addresses to allow access and deny any other access.</P><P>We also have a tunnel for communication to a partner network. The issue I'm running into is that we lose that communication once this ACL is enacted. It's not right away but within the following hour. Note: I've added the partner IP range into the whitelist, I also don't have a FTN to enable geolocation blocking.&nbsp;</P><P>Is there a better place to put a whitelist so that it won't impact internal communications?</P> Mon, 16 Dec 2024 17:36:47 GMT https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5237554#M1118272 zgovernale 2024-12-16T17:36:47Z https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5237557#M1118273 <P>What is VPN you use RA VPN of S2S</P> <P>MHM</P> Mon, 16 Dec 2024 17:41:01 GMT https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5237557#M1118273 MHM Cisco World 2024-12-16T17:41:01Z https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5237558#M1118274 <P>The whitelist is meant to cover the people trying to RA VPN. The S2S is our tunneled connection to our partner org.</P> Mon, 16 Dec 2024 17:43:11 GMT https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5237558#M1118274 zgovernale 2024-12-16T17:43:11Z https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5237559#M1118275 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1823973">@zgovernale</a> what did you configure in the control plane ACL? If connections drop after an hour it could be an existing connection that timeouts and thus was unintentionally blocked in the cplane ACL. Check the logs to compare with the cplane ACL</P> <P>For RAVPN protection and your hardware supports it, upgrade and use threat protection. <A href="https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-asa/222315-configure-threat-detection-services-for.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-asa/222315-configure-threat-detection-services-for.html</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 16 Dec 2024 17:45:06 GMT https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5237559#M1118275 Rob Ingram 2024-12-16T17:45:06Z https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5237560#M1118276 <P><A href="https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.html</A></P> <P>MHM</P> Mon, 16 Dec 2024 17:45:32 GMT https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5237560#M1118276 MHM Cisco World 2024-12-16T17:45:32Z https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5238158#M1118304 <P>The control plane ACL has a blacklist of known bad IP addresses, then a whitelist with every IP I could find/trust. This included the list of our partner orgs servers and it would still stop working after an amount of time.</P><P>Looking into the RAVPN protection you listed, I was able to upgrade to 9.18(4). I see that it listed 9.18(4)40. I'm unsure of the difference. If it helps we are running an ASAv</P> Tue, 17 Dec 2024 23:22:11 GMT https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5238158#M1118304 zgovernale 2024-12-17T23:22:11Z https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5238305#M1118310 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1823973">@zgovernale</a> it depends on which exact version of 9.18 you are running, 9.18(4)40 (or higher) is an interim version, which would include this functionality, the initial version of 9.18(4) would not.</P> <P>9.18(4) interim version download - <A href="https://software.cisco.com/download/home/286119613/type/280775065/release/9.18.4%20Interim" target="_blank">https://software.cisco.com/download/home/286119613/type/280775065/release/9.18.4%20Interim</A></P> <P>&nbsp;</P> Wed, 18 Dec 2024 08:49:44 GMT https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5238305#M1118310 Rob Ingram 2024-12-18T08:49:44Z https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5238448#M1118326 <P>I send you PM check it</P> <P>MHM</P> Wed, 18 Dec 2024 14:22:31 GMT https://community.cisco.com/t5/network-security/whitelist-on-cplane/m-p/5238448#M1118326 MHM Cisco World 2024-12-18T14:22:31Z