08-15-2011 02:04 PM - edited 03-11-2019 02:11 PM
Just fired up the botnet filter service on one of my ASA's today. Seeing traffic that is tripping syslog message 338001 and 338002 where the recommended action is to use the dynamic-filter drop blacklist command.
When I try to use this command, I get the following -
ASA(config)# dynamic-filter drop blacklist
ERROR: Dynamic Filter is not enabled globally on all interfaces
Here is what my MPF looks like at this time -
class-map IPS
match access-list global_mpc
class-map test-udp-class
match access-list test-udp-acl
class-map dynamic-filter_snoop_class
match port udp eq domain
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
description IPS
class inspection_default
inspect dns preset_dns_map
inspect h323 h225
inspect h323 ras
inspect rtsp
inspect pptp
inspect ip-options
inspect ftp
inspect tftp
inspect http
class IPS
ips inline fail-open sensor vs0
policy-map test-udp-policy
class test-udp-class
inspect ipsec-pass-thru
class dynamic-filter_snoop_class
inspect dns dynamic-filter-snoop
!
service-policy global_policy global
service-policy test-udp-policy interface Outside
Note: I added the dynamic-filter_snoop_class class to the policy map on my outside interface instead of having a separate one as the docs indicated, since I already had one set up because of some IPSEC traffic that has to traverse from the outside to the inside.
I tried putting this in the global_policy and taking it out of the policy applied to the outside interface but same result.
Ron
08-17-2011 12:25 PM
Ron,
This error is presented if you don't have a valid license for botnet. Can you do a show version and check if the botnet traffic filter is enabled?
Mike
08-18-2011 12:13 PM
The license is installed. Found the problem - had to add interface outside to the drop blacklist cmd.
Ron