lcaruso
Contributor

inside servers shunned

Hi,

A client suffered an outage with their ISP today with an ASA5505 running 8.4(1). The connection bounced for about an hour or so.

It would appear a side effect of the outage is the ASA shunned two inside servers. The configuration was set to detect scanning threats and shun them, but it did not specify to exclude this network which is not directly connected but is on the inside.

I'm curious if the outage actually caused this but don't understand any conditions in which these servers would be scanning the ASA.

Can anyone shed some light on this? Thanks.

Accepted Solutions
PAUL GILBERT ARIAS
Contributor

With the command "sh threat-detection shun" you can tell if they are being shunned. A syslog message would be generated in that case.

If that happens again, you should be able to check the result of the command and the logs.

I did a sh shun and it listed them.

We do save the logs on this ASA so it will be a matter of going through them, but I'm still curious what others have to say.

Opened a TAC case earlier in the day. I'll let you know if they come up with anything worth posting.
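
One way to go through saved ASA syslog for the threat-detection shun messages discussed in this thread, as an added example that is not part of any post above. It assumes syslog IDs 733102 and 733103 (host added to / removed from the shun list) in their documented text form, a hypothetical inside range of 192.168.50.0/24, and constructed sample lines.

```python
import ipaddress
import re

# Assumption: inside networks that should never be shunned (hypothetical range).
INSIDE_NETS = [ipaddress.ip_network("192.168.50.0/24")]

# 733102 = threat-detection adds a host to the shun list, 733103 = removes it.
SHUN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d).*?%ASA-\d-(?P<id>733102|733103): "
    r"Threat-detection (?:adds|removes) host (?P<host>\S+) (?:to|from) shun list"
)

# Constructed sample lines, not taken from the poster's ASA.
SAMPLE_LOG = """\
Mar 14 09:12:01 asa5505 %ASA-4-733102: Threat-detection adds host 192.168.50.10 to shun list
Mar 14 09:12:40 asa5505 %ASA-4-733102: Threat-detection adds host 203.0.113.7 to shun list
Mar 14 09:13:05 asa5505 %ASA-4-733102: Threat-detection adds host 192.168.50.11 to shun list
Mar 14 10:13:05 asa5505 %ASA-4-733103: Threat-detection removes host 192.168.50.11 from shun list
"""


def is_inside(host):
    """True if the address belongs to one of the inside networks."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in INSIDE_NETS)


def shun_timeline(log_text):
    """Return (events, still_shunned) for inside hosts only.

    events is an ordered list of (timestamp, action, host);
    still_shunned maps each host with no later release to its shun time.
    """
    events, active = [], {}
    for line in log_text.splitlines():
        m = SHUN_RE.search(line)
        if not m:
            continue
        host = m["host"]
        try:
            if not is_inside(host):
                continue  # shuns of outside hosts are expected, skip them
        except ValueError:
            continue  # host field is not a valid IP address
        action = "shun" if m["id"] == "733102" else "release"
        events.append((m["ts"], action, host))
        if action == "shun":
            active[host] = m["ts"]
        else:
            active.pop(host, None)
    return events, active


if __name__ == "__main__":
    timeline, still_shunned = shun_timeline(SAMPLE_LOG)
    for ts, action, host in timeline:
        print(ts, action, host)
    print("still shunned:", still_shunned)
```

The shun timestamps it reports can then be lined up against the time of the ISP outage.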