Block IP address from Outside interface

SamMooreIT
Level 1

Hello.

Recently, I've been having significant problems with denial of service on our ASA-5510. Two IP addresses in particular attack my ASA regularly. What kind of rule do I need to create to deny these IPs access to my firewall?

Thanks!

Kelvin Willacey
Level 4

What type of attack?

Either a scan or a SYN attack. But the IPs in question are generating significant inbound traffic. They are listed in the top 10 sources pie of my ASDM GUI.

advijay
Level 1

Hey Josh,

If you don't want any connection to be established from two known IP addresses, you may go ahead and "shun" them. The command to do this will look like:

hostname# shun 

Hope this helps!

Regards,

Aditya

andhingr
Cisco Employee

Since the attack has already taken place: if you are not allowing these IPs, the ASA will be blocking them anyway. The best course of action will be to have them blocked upstream, and if upstream is your service provider, then talk to the provider to have the IPs blocked upstream.
