https://community.cisco.com/t5/network-security/ddos-default-settings/m-p/2149650#M356686 <P>Hi,</P><P></P><P>my question is: Which default settings are done on a Cisco ASA and a CISCO ASR (with firewall IOS) against DDoS attacks?</P><P></P><P>The Cisco ASR is configured as zone based firewall, which inspect all pakets. </P><P>I read the article </P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/asr1000/sec-ddos-attack-prevn.html" target="_blank">http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/asr1000/sec-ddos-attack-prevn.html</A><SPAN> and wanted to know, what the device will do aiganst DDoS attacks, if I don't configure the settings from the "</SPAN></P><P>Protection Against Distributed Denial of Service Attacks" guide.</P><P></P><P>Could you explain that for me?</P><P></P><P>Thanks in advance!</P> Tue, 12 Mar 2019 01:00:11 GMT jhoffma_3 2019-03-12T01:00:11Z https://community.cisco.com/t5/network-security/ddos-default-settings/m-p/2149650#M356686 <P>Hi,</P><P></P><P>my question is: Which default settings are done on a Cisco ASA and a CISCO ASR (with firewall IOS) against DDoS attacks?</P><P></P><P>The Cisco ASR is configured as zone based firewall, which inspect all pakets. </P><P>I read the article </P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/asr1000/sec-ddos-attack-prevn.html" target="_blank">http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/asr1000/sec-ddos-attack-prevn.html</A><SPAN> and wanted to know, what the device will do aiganst DDoS attacks, if I don't configure the settings from the "</SPAN></P><P>Protection Against Distributed Denial of Service Attacks" guide.</P><P></P><P>Could you explain that for me?</P><P></P><P>Thanks in advance!</P> Tue, 12 Mar 2019 01:00:11 GMT https://community.cisco.com/t5/network-security/ddos-default-settings/m-p/2149650#M356686 jhoffma_3 2019-03-12T01:00:11Z https://community.cisco.com/t5/network-security/ddos-default-settings/m-p/2149651#M356687 <HTML><HEAD></HEAD><BODY><P>Hi Julia,</P><P></P><P>Check the following links for further information </P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_threat.html">http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_threat.html</A></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml</A></P><P></P><P>We also have the normalizer inspection provided by the ASA that will inspect each tcp packet and make sure it conforms to the RFC,etc,etc,etc,etc</P><P></P><P>For the IOS firewall</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/prod_white_paper0900aecd804e5098.html">http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/prod_white_paper0900aecd804e5098.html</A></P><P></P><P>Does are the defaults that I could think at this moment,</P><P></P><P>Regards</P><P></P><P>Julio Carvajal </P></BODY></HTML> Fri, 01 Mar 2013 04:45:44 GMT https://community.cisco.com/t5/network-security/ddos-default-settings/m-p/2149651#M356687 Julio Carvajal 2013-03-01T04:45:44Z