03-20-2008 11:15 AM - edited 03-10-2019 04:02 AM
I have set up my ASA as a blocking device in my ssm10. That part works fine. The problem is I had defined local networks in the "Never block Addresses" configuration box. Before long, the ASA had in fact shunned an address which was part of that "never block addresses" configuration. Does this configuration work when using ASA, or does it only work for IOS?
If it doesn't work, is the alternative to write an Event Action Filter to subtract the Block Host action?
03-20-2008 11:55 AM
When posting please include the software versions you are using.
There is a known bug in 5.1(7) and earlier where the Never Block is not preventing blocks for Addresses that are within a Network address in the Never Block list.
CSCeh83037
However, this issue was fixed in 6.0 before 6.0(1) was released.
So if running 5.1 then you are likely hitting this known issue.
But if running 6.0 this may be a new issue.
And as you've stated, using an Event Action Filter to prevent the block request in the first place for those addresses is a good workaround. This workaround is also listed in the release notes for that bug mentioned above.
03-20-2008 12:56 PM
Cisco Intrusion Prevention System, Version 6.0(1)E1
I put in the action filter and it seems to be ok for now.
Thanks for the help.
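A check for the symptom discussed in this thread, added here as an example (not code from the posters or from Cisco): it lists shunned source addresses that fall inside a Never Block entry, whether that entry is a host or a network. The `show shun` sample lines and the Never Block entries are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample laid out like ASA `show shun` output
# (interface, source, destination, ports, protocol); not taken from the thread.
SAMPLE_SHUN_OUTPUT = """\
shun (outside) 203.0.113.45 0.0.0.0 0 0 0
shun (inside) 10.10.4.27 0.0.0.0 0 0 0
shun (outside) 198.51.100.9 0.0.0.0 0 0 0
shun (inside) 192.168.1.5 0.0.0.0 0 0 0
"""

# Assumed Never Block entries: one network and one single host.
NEVER_BLOCK = ["10.10.0.0/16", "192.168.1.5"]

SHUN_LINE = re.compile(r"^shun \((?P<ifc>[^)]+)\)\s+(?P<src>\S+)")


def parse_shuns(text):
    """Return (interface, source address) for each shun line; skip other lines."""
    shuns = []
    for line in text.splitlines():
        m = SHUN_LINE.match(line.strip())
        if not m:
            continue
        try:
            shuns.append((m.group("ifc"), ipaddress.ip_address(m.group("src"))))
        except ValueError:
            continue  # token after the interface was not an IP address
    return shuns


def never_block_violations(shun_text, never_block):
    """Return (interface, shunned address, matching entry) for every shun
    whose source lies inside a Never Block host or network."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in never_block]
    hits = []
    for ifc, addr in parse_shuns(shun_text):
        for net in nets:
            if addr.version == net.version and addr in net:
                hits.append((ifc, str(addr), str(net)))
                break
    return hits


if __name__ == "__main__":
    for ifc, addr, entry in never_block_violations(SAMPLE_SHUN_OUTPUT, NEVER_BLOCK):
        print(f"{addr} is shunned on {ifc} but covered by Never Block entry {entry}")
```

An empty result after the Event Action Filter is in place means no protected address is currently shunned.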