03-26-2025 06:10 PM
Hello,
in ASA Version 9.20(3)7 we tested the new threat-detection service
https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-asa/222315-configure-threat-detection-services-for.html
threat-detection service invalid-vpn-access
threat-detection service remote-access-authentication hold-down 10 threshold 20
threat-detection service remote-access-client-initiations hold-down 10 threshold 20
After 20 login attempts with a wrong password I see the IP is shunned.
# show shun
shun (Outside) 1.2.3.4 0.0.0.0 0 0 0
Log shows
%ASA-4-401002: Shun added: 1.2.3.4 0.0.0.0 0 0
%ASA-3-733201: Threat-detection: Service[remote-access-authentication] Peer[1.2.3.4]: failure threshold of 20 exceeded: adding shun to interface Outside. WEBVPN: Failed AAA authentication
It seems, the shun is kept forever until we clear it manually.
My question: is it possible to limit the duration of the shun?
03-26-2025 11:53 PM
@joachimj no, there is no shun-specific command to configure the duration of the shun. The shun is in place until manually removed or the ASA is rebooted.
Perhaps use an EEM script to schedule a removal of the shun at a certain time/day?
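One way to implement the scheduled removal suggested above, as an added example that is not part of the reply and not from the Cisco document linked in the question; the applet name and the 02:00 schedule are assumptions:

```cisco
! Added example: ASA EEM applet that clears all shuns once a day at 02:00 (device local time)
event manager applet CLEAR_SHUNS_DAILY
 description "Bound threat-detection shun duration to at most one day"
 ! absolute timer fires daily at the given hh:mm:ss
 event timer absolute time 02:00:00
 ! "clear shun" removes every shun on every interface, including manually added ones
 action 1 cli command "clear shun"
 ! log the run so the removal is visible in syslog alongside the %ASA-3-733201 events
 action 2 syslog priority informational msg "EEM: scheduled clear shun executed"
 output none
```

Because `clear shun` is not selective, a host that is still attacking is simply shunned again after the next 20 failures; check `show shun` and the 733201 messages after the timer fires to confirm the behaviour is what you want.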