
find out rate-limit drop source Ip

Hi all!

I'm having this message in the firewall:

[ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 16 per second, max configured rate is 5; Cumulative total count is 10198

I'd like to know the source IP of this 'scan' and, if it was the case, how to allow that IP.

Thanks!

Jose Luis Pedrosa


mirober2
Cisco Employee

Hi Jose,

By default, the ASA won't keep track of the source and destination IPs that trigger these messages. However, you can enable these statistics with the following command:

threat-detection scanning-threat

If you don't add the 'shun' keyword to the end of the above command, traffic will be allowed according to your existing security policy (ACLs, inspections, etc.).

Once the command is enabled, you can do 'show threat-detection scanning-threat' to see the list of targets and attackers that the ASA has identified.

Hope that helps.

-Mike
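
Added example (not part of the original thread, and not Cisco's code): a small Python parser for the rate-exceeded message quoted in the question. It reports which of the two thresholds each message is over and summarizes repeated messages per category. The function names and every sample line except the first are constructed for illustration.

```python
import re

# Layout of the message body as quoted in the question above.
RATE_MSG = re.compile(
    r"\[\s*(?P<category>[^\]]+?)\s*\] drop rate-(?P<rate_id>\d+) exceeded\. "
    r"Current burst rate is (?P<burst>\d+) per second, "
    r"max configured rate is (?P<burst_max>\d+); "
    r"Current average rate is (?P<avg>\d+) per second, "
    r"max configured rate is (?P<avg_max>\d+); "
    r"Cumulative total count is (?P<total>\d+)"
)

def parse_rate_drop(line):
    """Return the message fields as a dict, or None for any other line."""
    m = RATE_MSG.search(line)
    if m is None:
        return None
    rec = {k: int(v) for k, v in m.groupdict().items() if k != "category"}
    rec["category"] = m["category"]
    return rec

def over_limit(rec):
    """Which current rates are strictly above their configured maximum."""
    pairs = (("burst", rec["burst"], rec["burst_max"]),
             ("average", rec["avg"], rec["avg_max"]))
    return [name for name, cur, limit in pairs if cur > limit]

def summarize(lines):
    """Per (category, rate id): message count, peak average rate, last total."""
    out = {}
    for rec in filter(None, map(parse_rate_drop, lines)):
        s = out.setdefault((rec["category"], rec["rate_id"]),
                           {"messages": 0, "peak_avg": 0, "last_total": 0})
        s["messages"] += 1
        s["peak_avg"] = max(s["peak_avg"], rec["avg"])
        s["last_total"] = rec["total"]
    return out

# First line is the message from the question; the others are constructed.
SAMPLE = [
    "[ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 16 per second, max configured rate is 5; Cumulative total count is 10198",
    "[ Scanning] drop rate-1 exceeded. Current burst rate is 14 per second, max configured rate is 10; Current average rate is 18 per second, max configured rate is 5; Cumulative total count is 10954",
    "Built inbound TCP connection (constructed, unrelated line)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_rate_drop(line)
        print(over_limit(rec) if rec else "not a rate-drop message")
    print(summarize(SAMPLE))
```

For the message in the question, only the average rate (16 against a configured 5) is above its limit; the burst rate sits exactly at its configured value of 10.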
