10-15-2008 01:34 PM
I've currently configured a rule to trigger on the keywords (from ASA's) "security negotiation complete" but I receive too many messages (smtp rule) from Lan-to-Lan sites generating this message.
10-31-2008 09:00 AM
You might consider filtering out the LAN-to-LAN sites in the inspection rule. If you are using static IP addresses with your ISP you may filter further based on those.
Example - In the keyword section of the inspection rule:
Group NOT
(LAN-to-LAN OR
%ASA-3-713119: Group = x.x.x.x, IP = x.x.x.x, PHASE 1 COMPLETED)
It can take some real tweaking to get the desired result. Let me know if you need a more specific example of a rule. Hope this helps.
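The keyword logic suggested in the reply above, prototyped offline so the exclusions can be checked against sample syslog before the rule is changed. This is an added example, not part of the original posts and not CS-MARS rule syntax; the peer addresses, group names and sample log lines are constructed, modelled on the message format quoted in the reply.

```python
import re

# Trigger phrase from the original question.
TRIGGER = "security negotiation complete"
# NOT group from the reply: drop anything mentioning LAN-to-LAN tunnels.
EXCLUDE_KEYWORDS = ("lan-to-lan",)
# Assumption: static ISP addresses of the site-to-site peers (documentation ranges).
STATIC_PEERS = {"192.0.2.10", "198.51.100.20"}

# Pull the peer address out of the "IP = x.x.x.x" field of an ASA message.
PEER_IP = re.compile(r"\bIP = (\d{1,3}(?:\.\d{1,3}){3})")


def should_alert(line):
    """Return True when a syslog line should raise the notification."""
    lowered = line.lower()
    if TRIGGER not in lowered:
        return False                      # not the event we care about
    if any(word in lowered for word in EXCLUDE_KEYWORDS):
        return False                      # LAN-to-LAN tunnel, filtered out
    match = PEER_IP.search(line)
    if match and match.group(1) in STATIC_PEERS:
        return False                      # known static site-to-site peer
    return True


def filter_alerts(lines):
    """Keep only the lines that would still trigger the rule."""
    return [line for line in lines if should_alert(line)]


# Constructed sample input (not captured from a real device).
SAMPLE = [
    "%ASA-5-713049: Group = 192.0.2.10, IP = 192.0.2.10, Security negotiation "
    "complete for LAN-to-LAN Group (192.0.2.10) Responder",
    "%ASA-5-713049: Group = RA-VPN, Username = jdoe, IP = 203.0.113.77, "
    "Security negotiation complete for User (jdoe) Responder",
    "%ASA-3-713119: Group = 192.0.2.10, IP = 192.0.2.10, PHASE 1 COMPLETED",
    "%ASA-5-713049: Group = BRANCH, IP = 198.51.100.20, Security negotiation "
    "complete for User (branch-rtr) Responder",
]

if __name__ == "__main__":
    for alert in filter_alerts(SAMPLE):
        print(alert)
```

Only the remote-access line from 203.0.113.77 survives: the first line is dropped by the LAN-to-LAN keyword, the third never matches the trigger phrase, and the fourth is dropped by the static-peer list.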
10-31-2008 09:34 AM
Good idea... I'm learning to think a bit more like CSMARS... using "!=" solves more than one issue.