Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,I have a problem with a CISCO 5548 switch . I cannot find the login-block command.System version: 7.0(2)N1(1)In global configuration mode there is no login-block command, neither under system login block-for or in the aaa subsystem menu.As per ex...
HW : Cisco ASA 5525 asa912-smp-k8.bin Problem :I would like to limit the amount of repeating connection for a host in the back-end and for a specific port that is mapping to SSH. While on the server there is SSHGUARD dropping in timeout from Brute-...
I have this network configuration : cisco 7201 router --> Nexus N5k --> ASA5525 --> Host they are running at 1Gbps speed. I would like to improve the overall performance of the network.So It came to my mind to higher the MTU size for example.Makes s...
As per title. I would like to collect ALL message from a machine and dumping them inside a syslog file of 10 MB size that will overwrite it once it is reaching the size limit. Is that possible and how?
Workaround: Replace "login block-for" and "login quiet-mode" with "system login block-for" and "system login quiet-mode", respectively. Use "show system login ..." for relevant show outputs.Nothing, these commands are not implemented .
Now using SSHGUARD i shunned manually those "bad IP" on the ASA using the shun command.But would be nice to have something automated as IPS to specific TCP ports, when you have a web server hosting thousand of connection to 443,80 how can I manage it...
Thank You for the reply,The problem with TCP intercept is that the target host is a web server, and risk to block also nonthreatening TCP traffic as it is a commercial website. THAT was the main problem with TCP intercept..Need something that blocks...
Hi all , I solved this upgrading to the latest IOS version available for the 7201 series router.No more problems detected as the configuration has not been changed since the IOS update.Thanks for help!
HI @paul driver @MHM Cisco World , thank you for you replies. Well yes the actual topology is 7201-->>N5k-->>ASA-->>HOST Regarding the ssh port it is an "escamotage" or work-around for avoiding leaving port 22 open on the router itself and redirect ...
