05-09-2012 07:07 PM - edited 03-11-2019 04:04 PM
Hi
My web server was down for the day now it's back on but the ASA won't anyone in with error drop rate-1 exceed
Internally, everything works
How do I fix this?
Thanks!
Sent from Cisco Technical Support iPhone App
05-09-2012 09:34 PM
Jean,
You need to be way more specific on your question. We need to have the complete log for it. Now based on what you are saying, I assume you have scanning threat enable with shun option. Have you looked at your values for threat detection? Are they correlated to the amount of traffic that you expect to see to that server? If not, I would advice you to disable scanning threat.
Mike
05-10-2012 05:05 AM
Hi!
I was getting
4 | May 10 2012 | 07:18:11 | 733100 | [ Website] drop rate-2 exceeded. Current burst rate is 8 per second, max configured rate is 8; Current average rate is 15 per second, max configured rate is 4; Cumulative total count is 111058 |
and
4 | May 10 2012 | 07:20:30 | 733100 | [ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 45 per second, max configured rate is 5; Cumulative total count is 27446 |
If I disable all threat detection, it does not work either. I get not much in the log though
05-10-2012 09:04 AM
Well, there you go, you need to check the scanning threshold value. If you disable scanning threat, at least it should stop shunning the host, it may still show the logs.
Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide