I am configuring remote host blocking on an SSM-10 within an ASA to perform shun on certain signatures. The SSM-10 resides on the same ASA on which it should perform the shun action. But unfortunately it doesn't work. The ASA version is 8.4(3) and the IPS version is 7.0(7)E4.
Here are the error messages I get on the IPS:
errorMessage: ErrSystemError PIX [18.104.22.168] version major and minor values were not matched name=errUnclassified
errorMessage: Firewall [22.214.171.124] is unable to add a block for [126.96.36.199] due to an error. name=errSystemError
188.8.131.52 is the ASA IP address, and 184.108.40.206 is the attacker that triggered the signature with the shun action.
I even tried to use telnet between the ASA and IPS to communicate, but got the same result.
Do you have the SSM configured in promiscuous or inline mode? The blocking/ARC config is only relevant for promiscuous configurations. If you have the sensor configured for inline in the service policy on the ASA, then the SSM can directly deny offending traffic. I have seen instances of this error before when you are attempting to configure blocking for an inline sensor.
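One way to check which mode the ASA service policy uses, shown as an added example that is not part of the original thread: the script reads saved `show running-config policy-map` output and reports, per class, whether the `ips` redirect is inline or promiscuous. The sample configuration, policy and class names, and the sensor name `vs1` are constructed for illustration.

```python
import re

# Constructed sample of `show running-config policy-map` output (not from the thread).
SAMPLE_CONFIG = """\
policy-map global_policy
 class inspection_default
  inspect dns
 class IPS-CLASS
  ips inline fail-open
policy-map dmz_policy
 class DMZ-IPS
  ips promiscuous fail-close sensor vs1
"""

# ASA syntax: ips {inline | promiscuous} {fail-close | fail-open} [sensor name]
IPS_RE = re.compile(
    r"^ips\s+(inline|promiscuous)\s+(fail-open|fail-close)(?:\s+sensor\s+(\S+))?$"
)

def ips_redirects(config):
    """Return one dict per policy-map class that sends traffic to the IPS module."""
    results, policy, cls = [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("policy-map "):
            policy, cls = line.split(None, 1)[1], None
        elif line.startswith("class "):
            cls = line.split(None, 1)[1]
        else:
            m = IPS_RE.match(line)
            if m and policy and cls:
                results.append({"policy": policy, "class": cls, "mode": m.group(1),
                                "fail": m.group(2), "sensor": m.group(3)})
    return results

def blocking_applies(entry):
    # Per the reply above: blocking/ARC is only relevant for promiscuous
    # configurations; an inline sensor can deny offending traffic directly.
    return entry["mode"] == "promiscuous"

if __name__ == "__main__":
    for e in ips_redirects(SAMPLE_CONFIG):
        note = ("blocking/ARC config is relevant" if blocking_applies(e)
                else "sensor denies inline; blocking/ARC config not relevant")
        print(f'{e["policy"]}/{e["class"]}: {e["mode"]} {e["fail"]} -> {note}')
```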