03-26-2025 06:10 PM
Hello,
In ASA version 9.20(3)7 we tested the new threat-detection service:
https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-asa/222315-configure-threat-detection-services-for.html
threat-detection service invalid-vpn-access
threat-detection service remote-access-authentication hold-down 10 threshold 20
threat-detection service remote-access-client-initiations hold-down 10 threshold 20
After 20 login attempts with a wrong password I see the IP is shunned.
# show shun
shun (Outside) 1.2.3.4 0.0.0.0 0 0 0
The log shows:
%ASA-4-401002: Shun added: 1.2.3.4 0.0.0.0 0 0
%ASA-3-733201: Threat-detection: Service[remote-access-authentication] Peer[1.2.3.4]: failure threshold of 20 exceeded: adding shun to interface Outside. WEBVPN: Failed AAA authentication
It seems the shun is kept forever until we clear it manually.
My question: is it possible to limit the duration of the shun?
Accepted Solutions
03-26-2025 11:53 PM
@joachimj No, there is no shun-specific command to set the duration of the shun. The shun is in place until it is manually removed or the ASA is rebooted.
Perhaps use an EEM script to schedule removal of the shun at a certain time/day?
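To make the EEM suggestion concrete, here is an added example of an ASA Embedded Event Manager applet that clears the shun table on a timer. It is not from the thread or from Cisco's documentation; the applet name and the one-hour interval are assumptions, and the alternative `absolute` timer line is shown as a comment for the "certain time of day" variant the answer mentions.

```text
! Added example (not from the thread). Clears the shun table once an hour, so
! a threat-detection shun lives at most about 60 minutes. Applet name and the
! 3600-second watchdog interval are assumptions; pick the maximum shun age you want.
event manager applet CLEAR-TD-SHUNS
 description "Age out threat-detection shuns by clearing the shun table hourly"
 event timer watchdog time 3600
 action 1 cli command "clear shun"
 output none
!
! Variant: clear once a day at a fixed time instead of on a rolling interval.
! Replace the watchdog line above with:
!  event timer absolute time 03:00:00
```

Two caveats a practitioner will want before deploying this. `clear shun` removes every entry in the shun table, including any added manually with the `shun` command, so if manual shuns must survive, clear specific addresses with `clear shun <ip>` instead of the whole table. Second, clearing a shun does not reset the offender's standing: a peer that keeps sending bad credentials will be shunned again as soon as it crosses the configured threshold (20 failures within the hold-down in the question's config), which is exactly the time-limited block the question asks for. Check the applet is loaded with `show running-config event manager` and watch the effect with `show shun`.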
