08-27-2012 09:57 AM - edited 03-11-2019 04:46 PM
I have two ASA 5585 in an active/standby cluster, i have had this problem two times in the last week.
We had problems with the physical network interface card in two servers and these servers started to send an anomalous traffic recognized in my Cisco Security Manager like an event type 500004. The ASA cluster went unavailable like it was suffering an DoS attack, i have an IPS in each ASA and i think it is responsible to control this type of traffic.
Somebody have any idea about a solution for this problem??, I need to control this problem.
08-28-2012 01:31 AM
Luis:
I guess you are in the wrong corner. This is security sub-forum under Wireless forums.
you better move the thread to the security main forums.
Nice to catch you in our place though.
Buy a wireless device and come anytime if you need help
Amjad
You want to say "Thank you"?
Don't. Just rate the useful answers,
that is more useful than "Thank you".
08-28-2012 12:10 PM
Hello Luis,
can you explain whitch device has the 129.125 ip address.
Regards,
Julio
08-28-2012 12:22 PM
I don't know which device is this IP i think this is an attacker, but i don´t know why my IPS doesn't drop this traffic. Yesterday I have made configurations in my IPS and i hope this work if this kind of attack start again.
08-28-2012 12:48 PM
Hello Luis,
Hope so, let us know what happens.
Also if this does not work please send us a good picture of the log you are receving as at least I cannot read it well ( with my glasses on )
Regards
Julio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide