ASA threat-detection does not seem to be working

S891
Level 2

Hi,

I have configured threat-detection on the ASA and it does not seem to shun IP addresses that are scanning or SYN flooding.

I have the following config. Any suggestions why this may not be working? I have excluded my internal public and private IP addresses. Could that be making the shun not work, since one end of the connection is my internal address? Is any part of the config missing?

threat-detection basic-threat
threat-detection scanning-threat shun except ip-address x.x.x.x 255.255.240.0
threat-detection scanning-threat shun except ip-address 10.20.0.0 255.255.0.0
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200

1 Reply

Vibhor Amrodia
Cisco Employee

Hi,

I think it is probably because of the shun except command that you have configured on the ASA device. Also, the except policy is quite wide.

Thanks and Regards,

Vibhor Amrodia
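Before attributing the missing shuns to the exception list, it is worth confirming that scanning-threat detection is classifying any attackers at all. The following ASA commands are an added verification checklist, not part of the original thread; EXAMPLE_TRUSTED_HOSTS and 10.20.1.10 are placeholder values for the narrower exception shown at the end.

```text
! Effective threat-detection settings, including defaults that
! plain "show running-config" omits (rate-interval, shun duration)
show running-config all threat-detection

! Hosts the scanning-threat feature currently classifies as
! attackers or targets; an empty list means thresholds were not hit
show threat-detection scanning-threat attacker
show threat-detection scanning-threat target

! Hosts shunned by scanning-threat detection, with time remaining
show threat-detection shun

! All active shuns on the box, including manually entered ones
show shun

! In configuration mode: exclude only the specific hosts that must
! never be shunned instead of whole /16 and /20 ranges
object-group network EXAMPLE_TRUSTED_HOSTS
 network-object host 10.20.1.10
threat-detection scanning-threat shun except object-group EXAMPLE_TRUSTED_HOSTS
```

If the attacker list stays empty while scans are known to be in progress, review the scanning-threat rate thresholds shown by the first command rather than the exception list.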
