
IOS firewall and IPS

lfarago1
Level 1

There is a 2811 security router configured and there is a web server behind it, accessible from the internet.

We want to run a stress test from the internet to the web server to see where the router and web server pair have their limits. However, the router correctly cuts off the stress test, as it is similar to a DoS attack.

Is it possible to make exceptions in protection for some public IP addresses from where we want to run stress tests?

1 Reply

lfarago1
Level 1

New discoveries of my own: the stress test was not stopped by the IPS function; it was actually stopped by the IOS firewall's "maximum incomplete TCP sessions to a host" function, and access to the host was banned completely for 10 minutes (info found in syslog). I adjusted its settings as required, and further testing will be done later.

In IPS I defined an IPS filter to relieve the required source IP address for testing, exempting it from checks.

If anyone would like to add something, you are welcome.
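Added example, not part of the original posts: the per-host half-open TCP limit described in the reply, as it is set in the classic IOS firewall (CBAC). It assumes the router uses `ip inspect` rather than a zone-based policy; the thresholds 50/10 and 500/0 are constructed values, not the poster's settings.

```cisco
! Assumed starting point (constructed values): when more than 50 half-open
! TCP sessions target one destination host, the firewall deletes them all
! and blocks every new connection to that host for 10 minutes. This matches
! the "banned for 10 minutes" behaviour reported in syslog.
ip inspect tcp max-incomplete host 50 block-time 10
!
! Test window (constructed values): raise the per-host threshold and set
! block-time to 0. With block-time 0 the firewall deletes the oldest
! half-open session for each new request instead of blocking the host.
ip inspect tcp max-incomplete host 500 block-time 0
!
! Confirm the values the inspection engine is actually using.
do show ip inspect config
!
! After the test, return the threshold and block-time to the IOS defaults.
no ip inspect tcp max-incomplete host
```

This limit is keyed on the destination host, so it applies to every client reaching the web server, not only the test sources.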
