Block IP address from Outside interface

SamMooreIT
Beginner

Hello.

Recently, I've been having significant problems with denial of service on our ASA-5510. Two IP addresses in particular attack my ASA regularly. What kind of rule do I need to create to deny these IPs access to my firewall?

Thanks!

Sent from Cisco Technical Support iPhone App

4 Replies

Kelvin Willacey
Enthusiast

What type of attack?

Either a scan or SYN attack. But the IPs in question are generating significant inbound traffic. They are listed in the top 10 sources pie of my ASDM GUI.

Sent from Cisco Technical Support iPhone App

advijay
Beginner

Hey Josh,

If you don't want any connection to establish from two known IP addresses, you may go ahead and "shun" them. The command to do this will look like:

hostname# shun 

Hope this helps!

Regards,

Aditya

andhingr
Cisco Employee

Since the attack has already taken place, if you are not allowing these IPs, the ASA will be blocking them anyway. The best course of action will be to have it blocked upstream, and if upstream is your service provider, then talk to the provider to have the IPs blocked upstream.
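
An added example, not part of any reply in this thread: one way to turn the "top sources" observation into a reviewed block list, by counting ASA syslog 106023 (ACL deny) messages per outside source and rendering `shun` lines. It assumes 106023 logging is enabled; the log lines, addresses, ACL name `OUTSIDE_IN`, threshold and allowlist are all constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address

# ASA syslog 106023 (packet denied by an ACL); IPv4 only, port absent for ICMP.
DENY_RE = re.compile(
    r"%ASA-4-106023: Deny \S+ src (?P<ifc>[^:\s]+):(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?:/\d+)? dst "
)

def denied_sources(log_text, interface="outside"):
    """Count 106023 denies per source IP seen on one interface."""
    counts = Counter()
    for m in DENY_RE.finditer(log_text):
        if m.group("ifc") != interface:
            continue
        try:
            counts[str(ip_address(m.group("ip")))] += 1
        except ValueError:  # octet out of range in a mangled line
            continue
    return counts

def shun_candidates(counts, threshold, allowlist=()):
    """Sources at or above threshold, busiest first, never an allowlisted address."""
    allowed = {str(ip_address(a)) for a in allowlist}
    return [ip for ip, n in counts.most_common() if n >= threshold and ip not in allowed]

def shun_commands(ips):
    """Render one ASA 'shun <source_ip>' line per address for operator review."""
    return [f"shun {ip}" for ip in ips]

def _deny(ifc, src, n):
    # Constructed sample lines using documentation address ranges.
    return [f'%ASA-4-106023: Deny tcp src {ifc}:{src}/40000 dst inside:192.0.2.5/80 '
            f'by access-group "OUTSIDE_IN" [0x0, 0x0]'] * n

SAMPLE_LOG = "\n".join(
    _deny("outside", "203.0.113.10", 5)
    + _deny("outside", "203.0.113.77", 3)
    + _deny("outside", "198.51.100.20", 4)   # assumed to be our own monitoring probe
    + _deny("outside", "198.51.100.99", 1)   # below threshold
    + _deny("dmz", "192.0.2.200", 6)         # other interface, ignored
    + ["%ASA-4-106023: Deny icmp src outside:203.0.113.10 dst inside:192.0.2.5 "
       '(type 8, code 0) by access-group "OUTSIDE_IN" [0x0, 0x0]']
)

if __name__ == "__main__":
    counts = denied_sources(SAMPLE_LOG)
    for cmd in shun_commands(shun_candidates(counts, 3, allowlist=["198.51.100.20"])):
        print(cmd)
```

The same candidate list is what you would hand to an upstream provider, since traffic denied at the ASA has already crossed the link.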