2225 Views, 5 Helpful, 5 Replies

Whitelist IP from IPS

Stuart-ITGL (Level 1)

Have a pair of 5515-IPS that are having a pen test done soon. We need to whitelist the pen test company IP address from the IPS module.

Does anyone have any suggestions on how to do this? I had thought of possibly excluding those addresses from the policy map and/or class map but not sure which one or how to do that.

TIA

Accepted Solution

If your IPS class map currently uses a "match any" then just change it to "match access-list <acl name>".

Make the ACL simple - first deny the pen testing address(es) then permit all.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/mpf.html#wpxref87994

5 Replies

Just exclude them from policy-map.

Thanks for that

At the moment all traffic is sent via IPS just under the global policy map. What would be the best way to exclude the 2 IP addresses that need to be whitelisted?

And doing that will effectively whitelist the pen test addresses from the IPS module and cause them to bypass that side of things?

Just wanting to make sure I've understood correctly

Correct. The pen testing address(es) never get evaluated by the IPS module if you do that.
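The accepted answer and the confirmation above, written out as an ASA MPF configuration. This is an added example, not the poster's or Cisco's own configuration: the class-map, ACL and object-group names, the two documentation-range addresses and the `ips inline fail-open` action are assumptions, and the second (destination-side) deny is a conservative choice so that return flows to the testers are excluded as well.

```cisco
! BEFORE (assumed starting point): every flow is handed to the IPS module
class-map ips_class
 match any
!
policy-map global_policy
 class ips_class
  ips inline fail-open
!
! AFTER: flows involving the pen-test hosts are dropped out of the class.
! Note the inverted meaning of an ACL used inside a class-map:
!   deny   = "not part of this class"  -> NOT sent to the IPS module
!   permit = "part of this class"      -> sent to the IPS module
! Nothing here blocks the testers; their traffic simply transits the ASA
! without IPS inspection, which is exactly the whitelist the thread wants.
! 192.0.2.10 / 192.0.2.11 are placeholder addresses, not real tester IPs.
object-group network PENTEST_HOSTS
 network-object host 192.0.2.10
 network-object host 192.0.2.11
!
! Order matters: the denies must precede the permit-all, otherwise the
! first line matches everything and the exclusion never fires.
access-list IPS_TRAFFIC extended deny ip object-group PENTEST_HOSTS any
access-list IPS_TRAFFIC extended deny ip any object-group PENTEST_HOSTS
access-list IPS_TRAFFIC extended permit ip any any
!
! A class-map holds a single match statement, so remove "match any" first.
class-map ips_class
 no match any
 match access-list IPS_TRAFFIC
!
! global_policy needs no change; the class now matches fewer flows.
! Remove the two deny lines (or restore "match any") once the
! engagement ends so the exclusion does not outlive the test.
```

With the testers generating traffic, the IPS counters under `show service-policy` for this class should stay flat for their flows, which is a quick way to confirm the exclusion took effect before the test starts.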
