ASA VPN Threat Detection - never shun an IP

116

Views

Helpful

Replies

Hello,

I see there is no way to "never shun" an IP address from the VPN Threat Detection feature on the newer ASA code.

This needs to be added. With CGNAT being common ISP practice, we need to be able to tell the ASA to never shun a certain IP address. Without being able to do that, it pretty much makes the threat-detection auto shun feature useless, because now we have to adjust the hold-time and threshold so far out, it will never even stop an actual attacker.

0 Replies 0

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Review Cisco Networking for a $25 gift card