Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
526
Views
0
Helpful
4
Replies

Problems with ASA 8.4 event type 500004

Luis Perez
Level 1
Level 1

‎08-27-2012 09:57 AM - edited ‎03-11-2019 04:46 PM

I have two ASA 5585 in an active/standby cluster, i have had this problem two times in the last week.

We had problems with the physical network interface card in two servers and these servers started to send an anomalous traffic recognized in my Cisco Security Manager like an event type 500004. The ASA cluster went unavailable like it was suffering an DoS attack, i have an IPS in each ASA and i think it is responsible to control this type of traffic.

Somebody have any idea about a solution for this problem??, I need to control this problem.

New Picture.png

Labels:
0 Helpful
4 Replies 4

Amjad Abdullah
VIP Alumni
VIP Alumni

‎08-28-2012 01:31 AM

Luis:
I guess you are in the wrong corner. This is security sub-forum under Wireless forums.
you better move the thread to the security main forums.

Nice to catch you in our place though.

Buy a wireless device and come anytime if you need help

Amjad

You want to say "Thank you"?
Don't. Just rate the useful answers,
that is more useful than "Thank you".

Rating useful replies is more useful than saying "Thank you"
0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni

‎08-28-2012 12:10 PM

Hello Luis,

can you explain whitch device has the 129.125 ip address.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Luis Perez
Level 1
Level 1
In response to Julio Carvajal

‎08-28-2012 12:22 PM

I don't know which device is this IP i think this is an attacker, but i don´t know why my IPS doesn't drop this traffic. Yesterday I have made configurations in my IPS and i hope this work if this kind of attack start again.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to Luis Perez

‎08-28-2012 12:48 PM

Hello Luis,

Hope so, let us know what happens.

Also if this does not work please send us a good picture of the log you are receving as at least I cannot read it well ( with my glasses on )

Regards

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card