09-10-2013 11:10 AM - edited 03-10-2019 06:02 AM
Once in a while, it becomes necessary to troubleshoot network activity and the packets' journey through the IPS.
Is there a simple way to completely ignore an IP address?
This question pertains to the asa 5585 with the IPS module and IME v7.1(6)E4.
I know how to 'ignore an ip address' in the ad0 of the Anomaly Detection feature of IME, but does this mean that no IPS processing occurs?
Please advise.
-Will
09-10-2013 11:46 AM
The filter (under event action rules) is the feature you are looking for. There you can tell the sensor to remove all actions for all signatures for this particular IP.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
09-11-2013 11:20 AM
Hi Will,
Like Karsten mentioned, event action filter is the way to ensure no IPS processing for the said IP/subnet.
Configuration from CLI:
Using IME:
HTH.
-
Regards,
Sourav Kakkar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide