SSM IPS blocking via ASA

acomiskey
Level 10

I have set up my ASA as a blocking device in my SSM-10. That part works fine. The problem is I had defined local networks in the "Never Block Addresses" configuration box. Before long, the ASA had in fact shunned an address which was part of that "Never Block Addresses" configuration. Does this configuration work when using ASA, or does it only work for IOS?

If it doesn't work, is the alternative to write an Event Action Filter to subtract the Block Host action?

Accepted Solution

marcabal
Cisco Employee

When posting please include the software versions you are using.

There is a known bug in 5.1(7) and earlier where the Never Block is not preventing blocks for Addresses that are within a Network address in the Never Block list.

CSCeh83037

However, this issue was fixed in 6.0 before 6.0(1) was released.

So if running 5.1 then you are likely hitting this known issue.

But if running 6.0 this may be a new issue.

And, as you've stated, using an Event Action Filter to prevent the block request in the first place for those addresses is a good workaround. This workaround is also listed in the release notes for that bug mentioned above.

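As an added illustration (example code written for this edit, not Cisco's implementation and not anything posted in the thread), the following Python model shows the two points at which a sensor can stop a shun: the Event Action Filter stage, which subtracts the block action before a block request is ever generated, and the blocking subsystem's Never Block check, consulted just before the blocking device is told to shun. The "buggy" Never Block check only honours exact host entries, modelling the behaviour the answer describes for 5.1(7) and earlier, where an address inside a network entry was not protected. The Never Block entries, the alerts, the signature IDs and the filter name are constructed sample data, not taken from the thread.

```python
import ipaddress

BLOCK_ACTION = "request-block-host"

# Constructed sample data (not from the thread): the sensor's Never Block
# list, with one network entry and one host entry, and three alerts that
# each carry the block action as the signature's default.
NEVER_BLOCK = ["10.1.1.0/24", "192.0.2.7"]
ALERTS = [
    {"sig_id": 2004, "attacker": "10.1.1.5",    "victim": "10.1.1.20",
     "actions": {"produce-alert", BLOCK_ACTION}},   # inside the /24 entry
    {"sig_id": 2004, "attacker": "192.0.2.7",   "victim": "10.1.1.20",
     "actions": {"produce-alert", BLOCK_ACTION}},   # exact host entry
    {"sig_id": 3050, "attacker": "203.0.113.9", "victim": "10.1.1.20",
     "actions": {"produce-alert", BLOCK_ACTION}},   # not protected at all
]


def parse_never_block(entries):
    """Hosts and CIDR networks both become ip_network objects (a host is a /32)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def never_block_buggy(addr, entries):
    """Models the pre-6.0 behaviour described in the thread: only an exact
    host entry protects the address; a network entry that contains it does not."""
    ip = ipaddress.ip_address(addr)
    return any(n.num_addresses == 1 and ip == n.network_address
               for n in parse_never_block(entries))


def never_block_fixed(addr, entries):
    """Correct check: the address is protected if any entry contains it."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in parse_never_block(entries))


def make_filter(name, attacker_ranges, actions_to_remove, sig_ids=None):
    """One Event Action Filter entry (hypothetical representation, not the
    sensor's real data model). sig_ids=None means the filter matches any signature."""
    return {
        "name": name,
        "attacker_ranges": [ipaddress.ip_network(r, strict=False) for r in attacker_ranges],
        "actions_to_remove": set(actions_to_remove),
        "sig_ids": set(sig_ids) if sig_ids else None,
    }


def apply_filters(alert, filters):
    """Event Action Filter stage: returns the alert's actions after every
    matching filter has subtracted its actions_to_remove."""
    actions = set(alert["actions"])
    attacker = ipaddress.ip_address(alert["attacker"])
    for f in filters:
        if f["sig_ids"] is not None and alert["sig_id"] not in f["sig_ids"]:
            continue
        if any(attacker in r for r in f["attacker_ranges"]):
            actions -= f["actions_to_remove"]
    return actions


def shun_requests(alerts, filters, never_block_entries, never_block_check):
    """Returns the attacker addresses the sensor would hand to the blocking
    device. A block must survive both the filter stage and the Never Block check."""
    out = []
    for a in alerts:
        if BLOCK_ACTION not in apply_filters(a, filters):
            continue                      # filter stripped the block request
        if never_block_check(a["attacker"], never_block_entries):
            continue                      # blocking subsystem refused it
        out.append(a["attacker"])
    return out


# The workaround from the thread: a filter that subtracts the block action
# for the same ranges that are listed under Never Block.
WORKAROUND_FILTER = make_filter("no-block-local-nets", NEVER_BLOCK, [BLOCK_ACTION])

if __name__ == "__main__":
    print("buggy check, no filter :", shun_requests(ALERTS, [], NEVER_BLOCK, never_block_buggy))
    print("fixed check, no filter :", shun_requests(ALERTS, [], NEVER_BLOCK, never_block_fixed))
    print("buggy check + filter   :", shun_requests(ALERTS, [WORKAROUND_FILTER], NEVER_BLOCK, never_block_buggy))
```

With the buggy check and no filter, 10.1.1.5 is shunned even though 10.1.1.0/24 is on the Never Block list, which is the symptom reported in the question; with the filter in place the block action is removed before the blocking subsystem ever sees it, so the result is correct regardless of whether the Never Block check honours network entries. Keeping the filter in place even on a fixed release costs nothing and means the protection does not depend on a single check.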
Cisco Intrusion Prevention System, Version 6.0(1)E1

I put in the action filter and it seems to be ok for now.

Thanks for the help.
