
Threat-Detection Feature Blocking Traffic

latenaite2011
Level 4

How can I prevent the threat-detection from blocking access to an IP?

 

I have disabled the basic threat-detection and have included that IP in the exception list. I rebooted the ASA to make sure that everything is released from memory, but when I issue the "show threat-detection statistics | inc <IP Address>", it still shows up with a total session and active session.

 

I believe this is preventing us from accessing the IP, which is ok to access.

 

Thank you in advance,

LN

1 Reply

Bogdan Nita
VIP Alumni

Total sessions and active sessions in threat-detection statistics do not indicate traffic drops. Dropped sessions should show up in fw-drop, insp-drop, null-ses and bad-acc, depending on the reason the session has been dropped.

In this sort of situation it is helpful to do a packet capture on the incoming and outgoing interfaces, compare the two, and see if the ASA is actually dropping traffic.

You could also do an asp-drop capture for the specific IPs and see if the packets are dropped and why.

 

HTH

Bogdan
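
The counter distinction made in the reply above, as an added example that is not part of the original thread: a small Python parser that reads saved `show threat-detection statistics host` output and reports only the non-zero drop counters for one IP. The `Host:` summary line layout is an assumption about the output format, and the sample text and addresses are constructed.

```python
import re

# Counters the reply names as the ones that record dropped sessions.
DROP_COUNTERS = ("fw-drop", "insp-drop", "null-ses", "bad-acc")

# Assumed summary line layout (one per tracked host):
# Host:<ip>: tot-ses:<n> act-ses:<n> fw-drop:<n> insp-drop:<n> null-ses:<n> bad-acc:<n>
HOST_LINE = re.compile(r"^\s*Host:(?P<ip>[0-9A-Fa-f.:]+?):\s+(?P<rest>.*)$")
COUNTER = re.compile(r"([a-z-]+):(\d+)")

# Constructed sample output, not taken from a real device.
SAMPLE = """\
Host:192.0.2.10: tot-ses:41 act-ses:3 fw-drop:0 insp-drop:0 null-ses:0 bad-acc:0
  1-hour Sent byte:          2938     0     0     10580308
Host:198.51.100.7: tot-ses:912 act-ses:0 fw-drop:17 insp-drop:0 null-ses:640 bad-acc:0
"""


def parse_host_stats(output):
    """Return {ip: {counter: value}} for every Host: summary line."""
    hosts = {}
    for line in output.splitlines():
        m = HOST_LINE.match(line)
        if m:  # per-interval detail lines do not start with Host: and are skipped
            pairs = COUNTER.findall(m.group("rest"))
            hosts[m.group("ip")] = {name: int(value) for name, value in pairs}
    return hosts


def drop_evidence(output, ip):
    """Return the non-zero drop counters for ip, or None if ip is not listed."""
    stats = parse_host_stats(output).get(ip)
    if stats is None:
        return None
    # tot-ses and act-ses are deliberately ignored: they count sessions, not drops.
    return {name: stats[name] for name in DROP_COUNTERS if stats.get(name, 0) > 0}


if __name__ == "__main__":
    for host in ("192.0.2.10", "198.51.100.7"):
        print(host, drop_evidence(SAMPLE, host))
```

An empty result only means these statistics record no drops for the host; the captures suggested in the reply are still what shows whether the ASA is passing the traffic.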
