Implementation problems with Botnet on ASA-Context FW
06-26-2014 01:59 AM - edited 03-11-2019 09:23 PM
Hi,
I'm currently trying to implement a trial Botnet Traffic Filter on an ASA5520 multicontext.
It's running in a data center, with ~10 customer contexts. When I tried to enable it, we had a bunch of dropped pings on different contexts. I'm not really sure if there is anything wrong in the configuration, or if this is some kind of bug, or even normal behavior.
Licence is activated.
My config:
admin-context:
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 8.8.8.8

system-context:
dynamic-filter updater-client enable

customer-context:
dynamic-filter use-database
access-list dynamic-filter_acl extended permit ip 10.140.1.0 255.255.255.0 any
dynamic-filter enable interface outside classify-list dynamic-filter_acl
policy-map global_policy
 class inspection_default
  inspect dns dynamic-filter-snoop

After implementing the commands on the system/admin context, the pings to google.com started to drop (4 drops, 6 ok, 3 drops, 10 ok, 1 drop, 1 ok,...).
Has anyone an idea how we can get this running without impact on our customers?
Regards,
Amir
Labels: NGFW Firewalls
06-26-2014 03:21 AM
Hi Amir,
It's advised to use the local DNS or your ISP-provided DNS... that could also be the reason... Also, you are filtering for one subnet, which should not affect the other context or users...
Regards
Karthik
