03-02-2011 08:19 AM - edited 03-11-2019 12:59 PM
Hi,
A client suffered an outage with their ISP today with an ASA5505 running 8.4(1). The connection bounced for about an hour or so.
It would appear a side effect of the outage is the ASA shunned two inside servers. The configuration was set to detect scanning threats and shun them, but it did not specify to exclude this network which is not directly connected but is on the inside.
I'm curious if the outage actually caused this but don't understand any conditions in which these servers would be scanning the ASA.
Can anyone shed some light on this? Thanks.
03-02-2011 08:23 AM
With the command "sh threat-detection shun" you can tell if they are being shunned. A syslog message would be generated in that case.
If that happens again, you should be able to check the result of the command and the logs.
03-02-2011 08:30 AM
I did a sh shun and it listed them.
We do save the logs on this ASA so it will be a matter of going through them, but I'm still curious what others have to say.
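One way to go through saved ASA logs for the shun events discussed above, as an added example that is not part of the original thread: it pairs each %ASA-4-733102 shun of an inside address with the most recent %ASA-4-733101 scanning-threat rates logged for that host. The log lines, addresses, inside network and the `inside_shuns` name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines in the ASA syslog format for message IDs 733101-733103.
SAMPLE_LOG = """\
Mar 02 2011 07:41:10: %ASA-4-733101: Host 192.168.50.10 is attacking. Current burst rate is 40 per second, max configured rate is 10; Current average rate is 8 per second, max configured rate is 5; Cumulative total count is 4800
Mar 02 2011 07:41:10: %ASA-4-733102: Threat-detection adds host 192.168.50.10 to shun list
Mar 02 2011 07:43:02: %ASA-4-733102: Threat-detection adds host 203.0.113.7 to shun list
Mar 02 2011 08:41:10: %ASA-4-733103: Threat-detection removes host 192.168.50.10 from shun list
"""

ATTACKING = re.compile(
    r"%ASA-4-733101: Host (\S+) is attacking\. Current burst rate is (\d+) per second, "
    r"max configured rate is (\d+); Current average rate is (\d+) per second, "
    r"max configured rate is (\d+)")
SHUN_ADD = re.compile(r"^(.*?): %ASA-4-733102: Threat-detection adds host (\S+) to shun list")
SHUN_DEL = re.compile(r"%ASA-4-733103: Threat-detection removes host (\S+) from shun list")


def inside_shuns(log_text, inside_networks):
    """Return {host: details} for every shunned host that lies in an inside network."""
    nets = [ipaddress.ip_network(n) for n in inside_networks]
    last_rates = {}  # host -> (burst, burst_max, average, average_max) from 733101
    findings = {}
    for line in log_text.splitlines():
        if m := ATTACKING.search(line):
            host, *rates = m.groups()
            last_rates[host] = tuple(int(r) for r in rates)
        elif m := SHUN_ADD.search(line):
            when, host = m.groups()
            try:
                addr = ipaddress.ip_address(host)
            except ValueError:
                continue  # not a literal IP address; skip rather than guess
            if any(addr in net for net in nets):
                findings[host] = {"shunned_at": when,
                                  "rates": last_rates.get(host),
                                  "released": False}
        elif (m := SHUN_DEL.search(line)) and m.group(1) in findings:
            findings[m.group(1)]["released"] = True
    return findings


if __name__ == "__main__":
    # 192.168.50.0/24 stands in for the routed inside network (assumption).
    for host, info in inside_shuns(SAMPLE_LOG, ["192.168.50.0/24"]).items():
        print(host, info)
```

Comparing the timestamps of the reported shuns with the outage window shows whether the scanning-threat rates were exceeded while the connection was bouncing.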
03-02-2011 02:43 PM
Opened a TAC case earlier in the day. I'll let you know if they come up with anything worth posting.