Once in a while, it becomes necessary to troubleshoot network activity and the packets' journey through the IPS.
Is there a simple way to completely ignore an IP address?
This question pertains to the asa 5585 with the IPS module and IME v7.1(6)E4.
I know how to 'ignore an ip address' in the ad0 of the Anomaly Detection feature of IME, but does this mean that no IPS processing occurs?
The filter (under event action rules) is the feature you are looking for. There you can tell the sensor to remove all actions for all signatures for this particular IP.
-- Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
Like Karsten mentioned, event action filter is the way to ensure no IPS processing for the said IP/subnet.
Configuration from CLI:
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: